[tor-commits] [torsocks/osx] Prevent execution of suid/sgid programs by torsocks

hoganrobert at torproject.org hoganrobert at torproject.org
Sun Oct 23 18:27:14 UTC 2011


commit 5875e3afc294a6e92dc4b66986387b9fa3e62dfe
Author: Robert Hogan <robert at roberthogan.net>
Date:   Sun Jan 2 13:46:39 2011 +0000

    Prevent execution of suid/sgid programs by torsocks
    
    We already do this in usewithtor. Closes off
    http://code.google.com/p/torsocks/issues/detail?id=5
---
 src/torsocks.in |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/src/torsocks.in b/src/torsocks.in
index d4e4f17..075a5e4 100755
--- a/src/torsocks.in
+++ b/src/torsocks.in
@@ -63,6 +63,11 @@
 # Tamas Szerb <toma at rulez.org>
 # Modified by Robert Hogan <robert at roberthogan.net> April 16th 2006
 
+set_id () {
+    echo "ERROR: $1 is set${2}id. torsocks will not work on a set${2}id executable." >&2
+    exit 1
+}
+
 if [ $# = 0 ] ; then
    echo "$0: insufficient arguments"
    exit
@@ -122,6 +127,11 @@ case "$1" in
 
     if [ $# -gt 0 ]
     then
+      if [ -u `which "$1"` ]; then
+          set_id $1 u
+      elif [ -g `which "$1"` ]; then
+          set_id $1 g
+      fi
       exec "$@"
     fi
   ;;





More information about the tor-commits mailing list