[tor-bugs] #22331 [Core Tor/Tor]: Tor needs to stop trying to read directories before it changes users

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue May 23 08:38:25 UTC 2017


#22331: Tor needs to stop trying to read directories before it changes users
------------------------------+--------------------------------
     Reporter:  arma          |      Owner:
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:  Tor: 0.3.2.x-final
    Component:  Core Tor/Tor  |    Version:  Tor: 0.3.0.7
     Severity:  Normal        |   Keywords:
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+--------------------------------
 If you use apparmor along with the Tor deb, like pretty much all Ubuntu
 users, and you want to configure a hidden service, you are in for some
 misery. For example, let's say you put your hidserv directory in
 /var/lib/tor/, which would make sense because then Tor will create the
 directory when it starts, take care of its permissions, etc.

 The trouble is that the apparmor rules only let the debian-tor user read
 stuff in /var/lib/tor. They prevent root from trying to read stuff there
 (because why should it). But when Tor starts, especially Tor 0.3.0.x, it
 tries to check all the hidden service directories, as root, before it
 drops privileges. When apparmor refuses the directory read attempts, Tor
 flips out and says the config is bad:
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862993

 We should audit all of these cases where we try to interact with files and
 directories before we've dropped privileges, and get rid of the ones we
 don't need.

 (This one is a little bit tricky, because the way we've set up
 options_validate() vs options_act(), we'd like to be able to detect if a
 configuration change is going to fail *before* we commit to it. But I
 think cleaning up our behavior here is worth having things fail later
 because of directory problems if they're going to. After all, this way
 people will be able to use tight and simple apparmor profiles to enforce
 good behavior inside Tor.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22331>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
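The ordering the ticket asks for, as an added example (not Tor's own code): validate the option with no filesystem access, switch to the unprivileged user, and only then create and inspect the hidden-service directory. The function names, the 0700 requirement and the uid/gid arguments are assumptions for the illustration.

```c
/* Added example, not Tor code: validate first, drop privileges second,
 * touch the filesystem last. Names here are hypothetical. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Pure validation, safe to run as root before the user switch
 * (the options_validate() stage): no syscalls, just the string. */
int hs_dir_option_ok(const char *path) {
  return path != NULL && path[0] == '/' && strlen(path) < 4096;
}

/* Switch to the unprivileged user. No-op when not running as root. */
int drop_privileges(uid_t uid, gid_t gid) {
  if (geteuid() != 0) return 0;                 /* nothing to drop */
  if (setgroups(0, NULL) != 0) return -1;       /* clear supplementary groups */
  if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
  if (uid != 0 && setuid(0) == 0) return -1;    /* must not be regainable */
  return 0;
}

/* Filesystem check that belongs after the user switch (options_act()):
 * create the directory if missing, then require that the current user
 * owns it and that group/others have no access (mode 0700). */
int check_hs_dir(const char *path) {
  struct stat st;
  if (mkdir(path, 0700) != 0 && errno != EEXIST) return -1;
  if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode)) return -1;
  if (st.st_uid != geteuid()) return -1;
  if (st.st_mode & (S_IRWXG | S_IRWXO)) return -1;
  return 0;
}

/* Validate, drop, check: the directory is never read as root, so an
 * apparmor profile that only grants the service user access suffices. */
int start_hidden_service(const char *path, uid_t uid, gid_t gid) {
  if (!hs_dir_option_ok(path)) return -1;
  if (drop_privileges(uid, gid) != 0) return -1;
  return check_hs_dir(path);
}
```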

