[tor-bugs] #17743 [Torsocks]: [torsocks] Detect elevated capability executables
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Dec 2 11:41:30 UTC 2015
#17743: [torsocks] Detect elevated capability executables
----------------------+--------------------------------
Reporter: shawnl | Owner: dgoulet
Type: defect | Status: needs_revision
Priority: Medium | Milestone:
Component: Torsocks | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
----------------------+--------------------------------
Changes (by teor):
* status: new => needs_revision
* version: Tor: unspecified =>
Comment:
Code review:
It looks like the patch passes $app_path to getcap before checking if it's
the empty string. It should check "if [ -z $app_path ]; then" before
calling getcap.
Rather than hard-coding the path of getcap, why not locate it in the
user's path using "which getcap"? (The script already does this for the
command being torified ($1) at the top of the function.)
This is a nitpick, but it's important for proper testing:
Perhaps ping isn't a great example command here, as Tor is a TCP overlay
network, and ping uses ICMP. (So torsocks could never work with ping, even
if ping had no extra capabilities.)
Can you give an example of a command with elevated privileges that uses
TCP?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17743#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list