[tor-bugs] #17743 [Torsocks]: [torsocks] Detect elevated capability executables
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Dec 2 13:37:34 UTC 2015
#17743: [torsocks] Detect elevated capability executables
----------------------+--------------------------------
Reporter: shawnl | Owner: dgoulet
Type: defect | Status: needs_revision
Priority: Medium | Milestone:
Component: Torsocks | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
----------------------+--------------------------------
Comment (by shawnl):
I knew that ping shouldn't work. And I then figured out why it seemed to
work---while traceroute in its default mode (which also does not use TCP)
gets a more expected network error.
I expected all network access to error out with torsocks, because
*thinking* one is using tor when one is not is dangerous.
I hardcode the path to getcap because we are using a /sbin binary as non-
root, so it isn't in the path on Debian. (I know Ubuntu includes /sbin and
/usr/sbin in PATH)
Good catch on checking if $app_path exists---we do not need to check if it
is executable because the shell will already give a good error message for
that.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17743#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list