Attaching Nyx (arm) to Tor's control port triggers sandbox
Originally created by @anonym on #9284 (Redmine)
This is what Tor logs before it dies in Tails:
============================================================ T= 1430215250
(Sandbox) Caught a bad syscall attempt (syscall prlimit64)
/usr/bin/tor(+0x143019)[0xf76c1019]
/lib/i386-linux-gnu/libc.so.6(getrlimit64+0x2d)[0xf7205a6d]
/lib/i386-linux-gnu/libc.so.6(getrlimit64+0x2d)[0xf7205a6d]
/usr/bin/tor(set_max_file_descriptors+0x4e)[0xf76aa91e]
That was with Tor 0.2.6.7 with bug15482.patch applied (from the feature/9114-tor-with-bug15482.patch branch), but it also affects 0.2.5.12; looking at Tor’s src/common/sandbox.c the prlimit64 syscall indeed isn’t explicitly allowed while in sandbox mode.
Deactivating Tor’s sandboxing (e.g. by running in “bridge mode”) fixes
it. This is a regression since we introduced Tor sandboxing.
It has been reported upstream as Tor bug tails/tails#15211 and I will relay these findings there, and then we have to wait for a fix.
Related issues
- Has duplicate #9447 (closed)
Edited by anonym
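An added example, not part of the original report or of Tor's own code: a small Python triage script that parses the sandbox crash output quoted in the report and extracts the denied syscall plus the first named function in the tor binary on the backtrace. The function name `parse_sandbox_violations` and both regexes are assumptions written against this log excerpt only.

```python
import re

# Log excerpt copied from the report above (Tor's sandbox crash output).
SAMPLE_LOG = """\
============================================================ T= 1430215250
(Sandbox) Caught a bad syscall attempt (syscall prlimit64)
/usr/bin/tor(+0x143019)[0xf76c1019]
/lib/i386-linux-gnu/libc.so.6(getrlimit64+0x2d)[0xf7205a6d]
/lib/i386-linux-gnu/libc.so.6(getrlimit64+0x2d)[0xf7205a6d]
/usr/bin/tor(set_max_file_descriptors+0x4e)[0xf76aa91e]
"""

SYSCALL_RE = re.compile(r"\(Sandbox\) Caught a bad syscall attempt \(syscall (\w+)\)")
# Frame shape seen in the excerpt: module(symbol+0xoff)[0xaddr]; symbol may be empty.
FRAME_RE = re.compile(r"^(\S+)\((\w*)\+0x([0-9a-fA-F]+)\)\[0x([0-9a-fA-F]+)\]$")


def parse_sandbox_violations(log_text):
    """Return one dict per violation: denied syscall, frames, call site in tor."""
    violations, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        hit = SYSCALL_RE.search(line)
        if hit:
            current = {"syscall": hit.group(1), "frames": [], "call_site": None}
            violations.append(current)
            continue
        if current is None:
            continue  # not inside a backtrace (e.g. the separator line)
        frame = FRAME_RE.match(line)
        if frame is None:
            current = None  # any non-frame line ends the backtrace
            continue
        module, symbol, offset, _addr = frame.groups()
        current["frames"].append((module, symbol or None, int(offset, 16)))
        # Call site: first frame in the tor binary that carries a function name.
        if current["call_site"] is None and symbol and module.endswith("/tor"):
            current["call_site"] = symbol
    return violations


if __name__ == "__main__":
    for v in parse_sandbox_violations(SAMPLE_LOG):
        print(f"denied syscall: {v['syscall']}, reached from: {v['call_site']}")
```
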