[tor-bugs] #27334 [Core Tor/Tor]: RelaxDirModeCheck on ControlSocket still requires group to m
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Aug 26 22:08:40 UTC 2018
#27334: RelaxDirModeCheck on ControlSocket still requires group to m
------------------------------+--------------------
Reporter: a_p | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+--------------------
Even with RelaxDirModeCheck flag on the ControlSocket tor requires
the folder (containing the socket file) group to match the group of the
user running tor.
Could you lift this requirement when the RelaxDirModeCheck flag is given
or is there an important reason for that?
os: FreeBSD 11.2
conf:
{{{
ControlSocket /var/run/tor-instances/123/controlsocket GroupWritable
RelaxDirModeCheck
}}}
log:
{{{
Before Tor can create a control socket in "/var/run/tor-
instances/123/controlsocket", the directory "/var/run/tor-instances/123"
needs to exist, and to be accessible only by the user and group account
that is running Tor. (On some Unix systems, anybody who can list a socket
can connect to it, so Tor is being careful.)
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27334>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list