[tor-bugs] #9024 [Tor]: add supplementary groups when changing uid

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jun 5 23:15:45 UTC 2013


#9024: add supplementary groups when changing uid
---------------------------+------------------------------------------------
 Reporter:  baccala        |          Owner:     
     Type:  enhancement    |         Status:  new
 Priority:  normal         |      Milestone:     
Component:  Tor            |        Version:     
 Keywords:  group android  |         Parent:     
   Points:                 |   Actualpoints:     
---------------------------+------------------------------------------------
 Under Android, it's important to be in group 3003 to access the network.
 Current tor code switch_id() in common/compat.c only sets the primary
 group.  That means that tor and everything like /var/run/tor has to be in
 group 3003.

 It'd be nice to leave /var/run/tor owned by group debian-tor.  That means
 to access the network, 3003 has to be a supplementary group for user
 debian-tor (easy) and switch_id() has to call setgroups() on the entire
 supplementary groups list.

 There might be other security issues with doing this that I'm not aware
 of.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9024>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

