[tor-bugs] #2579 [Tor Client]: Hidden service directory permissions prevent Vidalia from displaying the hidden service hostname

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Fri Feb 18 21:23:40 UTC 2011


#2579: Hidden service directory permissions prevent Vidalia from displaying the
hidden service hostname
--------------------------------+-------------------------------------------
 Reporter:  T(A)ILS developers  |          Owner:                  
     Type:  defect              |         Status:  new             
 Priority:  normal              |      Milestone:                  
Component:  Tor Client          |        Version:  Tor: unspecified
 Keywords:                      |         Parent:                  
   Points:                      |   Actualpoints:                  
--------------------------------+-------------------------------------------
 Usecase: create and publish a new hidden service with Vidalia.

 (Note for those who would like to reproduce this bug: the selected hidden
 service directory must be owned by the user who runs the system-wide Tor
 (e.g. `debian-tor`), which is not made clear, but this Vidalia UI issue
 is orthogonal to the current one and will be addressed separately.)

 => Vidalia shows "Directory not found" in the "Onion Address" column, and
 the user has no easy way to get and share her hidden service hostname.

 This is because Tor chmod's 700 this directory:

     `[warn] Fixing permissions on directory /tmp/hidden`

 `check_private_dir` being called from `rend_service_load_keys`.

 It seems like the hostname cannot be asked by Vidalia using the control
 protocol, so the user who runs Vidalia needs to be allowed to read the
 "hostname" file in the configured hidden service directory.

 When using a system-wide Tor daemon and cookie authentication,
 `CookieAuthFileGroupReadable` is generally enabled, and the Vidalia user
 is generally a member of the system-wide Tor group (e.g. `debian-tor`).
 This is e.g. the case in T(A)ILS.

 I thus propose we add a new Tor option that could be called
 `HiddenServiceDirGroupReadable` or `HiddenServiceHostnameGroupReadable`,
 and work like `CookieAuthFileGroupReadable`. The exact semantics shall of
 course be specified more accurately, which I volunteer to do if we decide
 to go this way. In that case, I also volunteer to write the needed patch.

 On the implementation side, adding a `group_readable` boolean argument to
 the `check_private_dir` function may be needed.

 What do you think?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2579>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
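
A sketch of the kind of directory check the ticket discusses, with the `group_readable` flag it suggests. This is an added example, not Tor's `check_private_dir` and not the reporter's patch; `ensure_private_dir`, `demo`, the 0750 mode chosen for the group-readable case and the scratch path under /tmp are all assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not Tor's check_private_dir): require that `path` is a
 * directory owned by the current user and force its mode to 0700, or to 0750
 * when group_readable is set. 0750 is an assumed meaning for the proposed
 * option. Returns 0 on success, -1 on error. */
int ensure_private_dir(const char *path, int group_readable)
{
    struct stat st;
    mode_t want = group_readable ? 0750 : 0700;

    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;                      /* missing, or not a directory */
    if (st.st_uid != geteuid())
        return -1;                      /* never "fix" someone else's directory */
    if ((st.st_mode & 07777) != want) {
        fprintf(stderr, "[warn] Fixing permissions on directory %s\n", path);
        if (chmod(path, want) != 0)
            return -1;
    }
    return 0;
}

/* Constructed demo: make a scratch directory with loose 0755 permissions,
 * run the check, and return the resulting permission bits (or -1). */
int demo(int group_readable)
{
    char path[64];
    struct stat st;
    int mode = -1;

    snprintf(path, sizeof path, "/tmp/hs_demo_%ld", (long)getpid());
    if (mkdir(path, 0700) != 0)         /* fails if the name already exists */
        return -1;
    if (chmod(path, 0755) == 0 && ensure_private_dir(path, group_readable) == 0
        && stat(path, &st) == 0)
        mode = (int)(st.st_mode & 07777);
    rmdir(path);
    return mode;
}

int main(void)
{
    printf("default: %o, group-readable: %o\n", demo(0), demo(1));
    return 0;
}
```

With the flag set, the directory grants the group read and search access only; a reader in that group would still need the "hostname" file itself to be group-readable, while the key files beside it stay owner-only.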