
8 Apr 2025, 7:38 p.m.
On Tue, Apr 08, 2025 at 08:32:24AM -0400, Nick Mathewson via tor-dev wrote:
> > Is tor able to use secondary groups?
>
> Hm. In src/lib/process/setuid.c, it looks like we're only calling setgroups() with a single gid from the password database, not with any additional groups. So I don't think the C tor implementation is set up to handle _switching_ to secondary groups when you're telling it to setuid.
I believe that choice was intentional because of security, long ago. The man page for the User torrc option says "On startup, setuid to this user and setgid to their primary group." More details at https://bugs.torproject.org/tpo/core/tor/848 including some useful insights from Steven Murdoch at the time. --Roger
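The privilege drop the thread describes (setgroups() with only the primary gid from the password database, then setgid(), then setuid()) is easy to get subtly wrong: forgetting the setgroups() call leaves the process holding every supplementary group root had. The following is an added illustration for this thread, not code from tor or from either poster; the helper names (only_primary_group, process_has_only_primary, drop_to_user) are assumptions chosen here, and the behaviour shown follows the general POSIX privilege-drop sequence rather than tor's own source. It performs the drop in that order when run as root, and it includes a check a defender can run to confirm that no supplementary group survived.

```c
#define _DEFAULT_SOURCE
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <limits.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if every entry in groups[] equals the primary gid, i.e. the
 * supplementary-group list carries nothing beyond the primary group.
 * An empty list is also considered clean. */
int only_primary_group(gid_t primary, const gid_t *groups, int ngroups)
{
    for (int i = 0; i < ngroups; i++) {
        if (groups[i] != primary)
            return 0;
    }
    return 1;
}

/* Inspect the calling process: 1 if the supplementary list is empty or
 * contains only the effective gid, 0 if extra groups are present,
 * -1 if getgroups() failed (errno is set). */
int process_has_only_primary(void)
{
    gid_t buf[NGROUPS_MAX];
    int n = getgroups(NGROUPS_MAX, buf);
    if (n < 0)
        return -1;
    return only_primary_group(getegid(), buf, n);
}

/* Drop from root to `username` in the order the thread describes:
 * supplementary groups first (a single gid from the passwd entry),
 * then the primary gid, then the uid. Must be called while still root.
 * Returns 0 on success, -1 with errno set on failure. The final
 * setuid(0) probe deliberately fails on success; if it succeeds the
 * drop was not effective (or `username` is itself uid 0). */
int drop_to_user(const char *username)
{
    struct passwd *pw = getpwnam(username);
    if (pw == NULL) {
        errno = ENOENT;
        return -1;
    }
    gid_t gid = pw->pw_gid;

    /* Only the primary group is kept; any supplementary groups the
     * root process inherited are discarded here. */
    if (setgroups(1, &gid) < 0)
        return -1;
    if (setgid(gid) < 0)
        return -1;
    if (setuid(pw->pw_uid) < 0)
        return -1;

    /* Paranoia check: regaining root must now be impossible. */
    if (setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc == 2 && geteuid() == 0) {
        if (drop_to_user(argv[1]) < 0) {
            perror("drop_to_user");
            return 1;
        }
    }
    int clean = process_has_only_primary();
    if (clean < 0) {
        perror("getgroups");
        return 1;
    }
    printf("uid=%u gid=%u supplementary groups beyond primary: %s\n",
           (unsigned)geteuid(), (unsigned)getegid(), clean ? "none" : "PRESENT");
    return 0;
}
```

Run unprivileged it only reports the current process's group state; run as root with a target user name it performs the drop and then reports whether the supplementary list is clean. The order matters: setgroups() and setgid() need root, so they must come before setuid(), and the trailing setuid(0) probe catches a drop that silently failed.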