can tor use secondary groups to read FamilyKeyDirectory?

Hi,

given the following example, tor fails to access the familykeydir folder.
familykeydir has the following permissions:

drwxr-x--- 2 root tor_reader

id _tor
uid=996(_tor) gid=993(_tor) groups=993(_tor),994(tor_reader)

Is tor able to use secondary groups?

When using sudo to switch to user _tor manually, it is possible to read files in that folder without problems.

The problem does not happen when _tor's primary group is set to 'tor_reader'.

Tested on debian.

kind regards,
nusenu
--
https://nusenu.github.io

On Thu, Apr 3, 2025 at 6:29 PM nusenu via tor-dev <tor-dev@lists.torproject.org> wrote:
> Hi,
> given the following example, tor fails to access the familykeydir folder.
> familykeydir has the following permissions:
> drwxr-x--- 2 root tor_reader
> id _tor
> uid=996(_tor) gid=993(_tor) groups=993(_tor),994(tor_reader)
> Is tor able to use secondary groups?
> When using sudo to switch to user _tor manually, it is possible to read files in that folder without problems.
> The problem does not happen when _tor's primary group is set to 'tor_reader'. Tested on debian.

Hm. In src/lib/process.setuid.c, it looks like we're only calling setgroups() with a single gid from the password database, not with any additional groups. So I don't think the C tor implementation is set up to handle _switching_ to secondary groups when you're telling it to setuid.

--
Nick

On Tue, Apr 08, 2025 at 08:32:24AM -0400, Nick Mathewson via tor-dev wrote:
> > Is tor able to use secondary groups?
>
> Hm. In src/lib/process.setuid.c, it looks like we're only calling setgroups() with a single gid from the password database, not with any additional groups. So I don't think the C tor implementation is set up to handle _switching_ to secondary groups when you're telling it to setuid.

I believe that choice was intentional because of security, long ago. The man page for the User torrc option says "On startup, setuid to this user and setgid to their primary group." More details at https://bugs.torproject.org/tpo/core/tor/848 including some useful insights from Steven Murdoch at the time.

--Roger
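To make the behaviour Nick and Roger describe concrete, here is an added example (not tor's own code from src/lib/process/setuid.c, and not from the thread): a mirror of the kernel's directory permission check, run over the exact ids and mode from the report, next to two privilege-drop routines, one that keeps only the primary gid as tor does and one that carries the supplementary groups from /etc/group, which tor deliberately does not. The numeric ids and the 0750 mode are constructed from the report; the hypothetical function names are mine.

```c
#define _GNU_SOURCE          /* setgroups()/getgrouplist() in glibc */
#include <grp.h>
#include <pwd.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Mirror of the kernel's discretionary check for read+search on a directory:
 * owner bits if we own it, else group bits if ANY of our gids matches, else
 * "other" bits. uid 0 is not special-cased: tor has already dropped to _tor. */
int dir_readable(const struct stat *st, uid_t uid, const gid_t *gids, int n) {
    mode_t need;
    if (st->st_uid == uid) {
        need = S_IRUSR | S_IXUSR;
    } else {
        int in_group = 0;
        for (int i = 0; i < n; i++)
            if (gids[i] == st->st_gid) in_group = 1;
        need = in_group ? (S_IRGRP | S_IXGRP) : (S_IROTH | S_IXOTH);
    }
    return (st->st_mode & need) == need;
}

/* The thread's scenario (constructed from the ids in the report): familykeydir
 * is drwxr-x--- root:tor_reader(994); _tor is uid 996, gid 993, with
 * secondary group 994. */
int familykeydir_readable(int keep_secondary_groups, int primary_is_tor_reader) {
    struct stat st = {0};
    st.st_mode = S_IFDIR | 0750; st.st_uid = 0; st.st_gid = 994;
    gid_t primary = primary_is_tor_reader ? 994 : 993;
    gid_t gids[2] = { primary, 994 };
    return dir_readable(&st, 996, gids, keep_secondary_groups ? 2 : 1);
}

/* What tor does (per Nick's reply): setgroups() with the single primary gid. */
int drop_to_primary_group_only(const struct passwd *pw) {
    gid_t only[1] = { pw->pw_gid };
    if (setgroups(1, only) < 0 || setgid(pw->pw_gid) < 0) return -1;
    return setuid(pw->pw_uid);
}

/* The alternative tor does not implement: carry the supplementary groups from
 * /etc/group into the dropped process, as a `sudo -u _tor` shell would. */
int drop_with_supplementary_groups(const struct passwd *pw) {
    gid_t gids[64]; int n = 64;
    if (getgrouplist(pw->pw_name, pw->pw_gid, gids, &n) < 0) return -1;
    if (setgroups((size_t)n, gids) < 0 || setgid(pw->pw_gid) < 0) return -1;
    return setuid(pw->pw_uid);
}
```

familykeydir_readable(0, 0) reproduces the failure (primary gid only), (1, 0) the working sudo shell, and (0, 1) the workaround of making tor_reader the primary group; the two drop routines need root to actually run.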

I added this as: https://gitlab.torproject.org/tpo/core/tor/-/issues/41046

kind regards,
nusenu
--
https://nusenu.github.io