[tor-bugs] #8195 [Tor]: tor and capabilities
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 24 17:43:47 UTC 2014
#8195: tor and capabilities
-----------------------------+--------------------------------
 Reporter:       weasel      | Owner:
 Type:           enhancement | Status:    needs_revision
 Priority:       normal      | Milestone: Tor: 0.2.5.x-final
 Component:      Tor         | Version:
 Resolution:                 | Keywords:  tor-relay security
 Actual Points:              | Parent ID:
 Points:                     |
-----------------------------+--------------------------------
Comment (by dgoulet):
Hrm, so from what I've seen Tor can chown() files *after* the boot time
process. When the process goes to an unprivileged UID, the chown should
only work on UID/GID it *owns* (behavior of chown(2)) thus the chown of
/etc/shadow would be EPERM.
But now you've planted the "seed of doubt" in my head so I've looked in the
Linux kernel and the check is actually done like this (fs/attr.c +49):
{{{
/* Make sure a caller can chown. */
if ((ia_valid & ATTR_UID) &&
    (!uid_eq(current_fsuid(), inode->i_uid) ||
     !uid_eq(attr->ia_uid, inode->i_uid)) &&
    !inode_capable(inode, CAP_CHOWN))
        return -EPERM;
}}}
Thus the check is done against the capability and the current UID with the
file UID we are trying to change. I'll make a test just to be *sure* that
I'm correct here unless I'm not completely wrong. In any case, the test will
tell us.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8195#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
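
The ownership check quoted in the comment above, modelled in userspace as an added example (not code from the ticket, from Tor, or from the kernel). The function names and the uid 107 are hypothetical, and the boolean `has_cap` is a simplification of `inode_capable(inode, CAP_CHOWN)` that ignores user namespaces; the second half reads the effective CAP_CHOWN bit a process actually holds from the `CapEff` line of `/proc/self/status`.

```c
/* Added example: userspace model of the ATTR_UID check quoted above. */
#include <stdio.h>
#include <errno.h>
#include <sys/types.h>

#define CAP_CHOWN_BIT 0 /* CAP_CHOWN is capability number 0 on Linux */

/* Mirrors the quoted condition; has_cap stands in for
 * inode_capable(inode, CAP_CHOWN) (assumption: no user namespaces).
 * Returns 0 if the uid change is allowed, -EPERM otherwise. */
int chown_uid_check(uid_t fsuid, uid_t inode_uid, uid_t new_uid, int has_cap)
{
    if ((fsuid != inode_uid || new_uid != inode_uid) && !has_cap)
        return -EPERM;
    return 0;
}

/* Extract the CAP_CHOWN bit from a "CapEff:\t<hex>" line as found in
 * /proc/<pid>/status. Returns 1 or 0, or -1 if the line is not CapEff. */
int cap_chown_from_status_line(const char *line)
{
    unsigned long long mask;
    if (sscanf(line, "CapEff: %llx", &mask) != 1)
        return -1;
    return (int)((mask >> CAP_CHOWN_BIT) & 1);
}

/* Effective CAP_CHOWN of the calling process, or -1 if it cannot be read. */
int self_has_cap_chown(void)
{
    char line[256];
    int res = -1;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return -1;
    while (res < 0 && fgets(line, sizeof line, f))
        res = cap_chown_from_status_line(line);
    fclose(f);
    return res;
}

int main(void)
{
    /* Constructed uids: 0 owns the file (as with /etc/shadow), 107 is the daemon. */
    printf("uid 107, no cap, root-owned file -> %d\n", chown_uid_check(107, 0, 107, 0));
    printf("uid 107, CAP_CHOWN retained      -> %d\n", chown_uid_check(107, 0, 107, 1));
    printf("this process has CAP_CHOWN: %d\n", self_has_cap_chown());
    return 0;
}
```

The model shows that the only uid change permitted without CAP_CHOWN is the no-op where caller, current owner and new owner are all the same uid, so what the daemon can chown after switching uid depends on whether CAP_CHOWN is still in its effective set.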