[tor-bugs] #14322 [Torsocks]: torsocks fails to wrap setcap binaries

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jan 22 21:39:54 UTC 2015


#14322: torsocks fails to wrap setcap binaries
---------------------------+-----------------------------------------------
     Reporter:             |      Owner:  dgoulet
  cypherpunks              |     Status:  new
         Type:  defect     |  Milestone:
     Priority:  normal     |    Version:
    Component:  Torsocks   |   Keywords:  setcap setuid LD_PRELOAD torsocks
   Resolution:             |  Parent ID:
Actual Points:             |
       Points:             |
---------------------------+-----------------------------------------------

Comment (by cypherpunks):

 Replying to [comment:1 yawning]:
 > Hmmm.  The getcap executable isn't present by default on all Linux
 > systems, so the path of least resistance here might just be to bundle our
 > own helper that the wrapper builds/calls on Linux.  Not sure how to handle
 > the torified shell use case, since it just sets `LD_PRELOAD` and spawns
 > sh.
 >
 > It's relatively easy to check if a given executable has any capabilities
 > set only with libc,
 > see: https://gist.github.com/Yawning/fda95db37092669958b1

 I apologize in advance for everything wrong with this code, but how about
 wrapping the entire execve call to perform checks before executing it?

 https://gist.github.com/0xcaca0/037ab1f7bf4ac290e60a (this bit of code
 needs *serious* work, purely a PoC, good luck getting it to even compile,
 etc)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14322#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
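
Added example, not part of the ticket, the linked gists or torsocks: a libc-only check of the kind discussed above, reporting whether a binary is setuid/setgid or carries a `security.capability` xattr, the cases in which the dynamic loader runs in secure-execution mode and ignores an arbitrary `LD_PRELOAD`. The function name `preload_blockers` and the `WRAP_*` flags are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/xattr.h>

#define WRAP_OK        0     /* nothing found that makes ld.so drop LD_PRELOAD */
#define WRAP_SETID     0x1   /* setuid or setgid bit is set */
#define WRAP_FILECAPS  0x2   /* file capabilities (security.capability) set */

/* Hypothetical helper: returns a bitmask of WRAP_* flags, or -1 when the
 * file cannot be inspected. A wrapper should treat -1 like a blocker and
 * refuse to run the target rather than let it start un-wrapped. */
int preload_blockers(const char *path)
{
    struct stat st;
    int flags = WRAP_OK;

    /* stat() and getxattr() follow symlinks, as execve() does. */
    if (stat(path, &st) != 0)
        return -1;
    if (st.st_mode & (S_ISUID | S_ISGID))
        flags |= WRAP_SETID;

    /* A size of 0 asks only for the attribute length; no buffer needed. */
    ssize_t n = getxattr(path, "security.capability", NULL, 0);
    if (n > 0)
        flags |= WRAP_FILECAPS;
    else if (n < 0 && errno != ENODATA && errno != ENOTSUP)
        return -1;   /* ENODATA/ENOTSUP mean "no such attribute here" */

    return flags;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s /path/to/binary\n", argv[0]);
        return 2;
    }
    int r = preload_blockers(argv[1]);
    if (r < 0) {
        perror(argv[1]);
        return 2;
    }
    if (r & WRAP_SETID)
        fprintf(stderr, "%s: setuid/setgid, LD_PRELOAD ignored\n", argv[1]);
    if (r & WRAP_FILECAPS)
        fprintf(stderr, "%s: file capabilities, LD_PRELOAD ignored\n", argv[1]);
    return r == WRAP_OK ? 0 : 1;   /* non-zero: do not exec under the wrapper */
}
```

A check like this in the wrapper script covers only the first binary launched; child processes started by a torified shell would need the same test at each `execve`, which is what the comment above proposes.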

