[tor-bugs] #26913 [Core Tor/Tor]: DataDirectoryGroupReadable enabled does not have effect

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Aug 3 01:30:47 UTC 2018


#26913: DataDirectoryGroupReadable enabled does not have effect
----------------------------------------------+----------------------------
 Reporter:  maha                              |          Owner:  (none)
     Type:  defect                            |         Status:
                                              |  needs_information
 Priority:  Medium                            |      Milestone:  Tor:
                                              |  0.3.5.x-final
Component:  Core Tor/Tor                      |        Version:  Tor:
                                              |  0.3.3.9
 Severity:  Normal                            |     Resolution:
 Keywords:  regression? 035-roadmap-proposed  |  Actual Points:
Parent ID:                                    |         Points:
 Reviewer:                                    |        Sponsor:
----------------------------------------------+----------------------------

Comment (by redfish):

 I also hit this. Workaround: define CacheDirectory in your torrc, for
 example: `CacheDirectory /var/cache/tor` (and, just in case, create it
 before starting Tor: `mkdir /var/cache/tor && chmod 700 /var/cache/tor`).

 The wrong permission setting happens when DataDirectory ==
 CacheDirectory, which happens by default if CacheDirectory is undefined.
 The call that breaks permissions is this one:
 https://github.com/torproject/tor/blob/3c490190163e227d37eb989b41df152e8500e059/src/app/config/config.c#L1557

 It's tricky to suggest the right^TM fix. I think the easiest and foolproof
 fix is to change the default for CacheDirectory to be
 "DataDirectory"/cache (or even /var/cache/tor, if tor generally has
 permissions to create it in /var/cache on its own). Next option for a fix
 is to log a warning during configuration validity check if (DataDirectory
 == CacheDirectory and DataDirectoryGroupReadable !=
 CacheDirectoryGroupReadable), and maybe even fail hard rejecting the
 config as inconsistent.

 It regressed, because CacheDirectory stuff was added somewhat recently in
 #22703, so people with old configs without this var defined will all be
 affected.

 PS. Two years after #19953: same bug (albeit for a different reason) and
 same fixer, lol.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26913#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
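
The consistency check proposed in the comment above (DataDirectory == CacheDirectory with differing group-readable settings) can also be run against a torrc from outside Tor. This is an added example, not Tor's code and not part of the original post; `parse_torrc`, `check_group_readable`, the placeholder default path and the sample torrc texts are hypothetical. It assumes an unset `CacheDirectoryGroupReadable` counts as 0 and evaluates only 0/1 values.

```python
import os

# Constructed sample torrc texts (paths are illustrative, not from a real host).
AFFECTED = "DataDirectory /var/lib/tor\nDataDirectoryGroupReadable 1\n"
WORKAROUND = AFFECTED + "CacheDirectory /var/cache/tor\n"

def parse_torrc(text):
    """Return {lowercased option: value}; a later line overrides an earlier one."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def check_group_readable(text, default_datadir="/PLACEHOLDER/build-default"):
    """Return warnings for the inconsistency described in the comment."""
    o = parse_torrc(text)
    data_dir = o.get("datadirectory", default_datadir)
    # Per the comment: an undefined CacheDirectory defaults to DataDirectory.
    cache_dir = o.get("cachedirectory", data_dir)
    if os.path.normpath(data_dir) != os.path.normpath(cache_dir):
        return []                                # separate dirs: no conflict
    data_gr = o.get("datadirectorygroupreadable", "0")
    cache_gr = o.get("cachedirectorygroupreadable", "0")  # assumption: unset == 0
    if data_gr not in ("0", "1") or cache_gr not in ("0", "1"):
        return ["group-readable value is not 0/1; not evaluated"]
    if data_gr == cache_gr:
        return []
    how = "explicitly" if "cachedirectory" in o else "by default"
    return [
        f"DataDirectory and CacheDirectory are both {data_dir} ({how}), but "
        f"DataDirectoryGroupReadable={data_gr} and "
        f"CacheDirectoryGroupReadable={cache_gr}; set CacheDirectory to a "
        "separate path or make the two options agree"
    ]

if __name__ == "__main__":
    for name, cfg in (("affected", AFFECTED), ("workaround", WORKAROUND)):
        print(name, check_group_readable(cfg) or "ok")
```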
