[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #3421 [Tor Client]: control socket owned by root

To: undisclosed-recipients:;
Subject: [tor-bugs] #3421 [Tor Client]: control socket owned by root
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Fri, 17 Jun 2011 21:19:32 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 17 Jun 2011 17:19:43 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bugs reporting list for trac <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#3421: control socket owned by root
------------------------+---------------------------------------------------
 Reporter:  weasel      |          Owner:                    
     Type:  defect      |         Status:  new               
 Priority:  normal      |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Client  |        Version:  Tor: 0.2.2.28-beta
 Keywords:              |         Parent:                    
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------
 Hi,

 when Tor creates a ControlSocket at startup it does so before dropping its
 privileges which causes the socket to be owned by root:

 intrepid:/var/run/tor# ls -l control
 srw-rw---- 1 root debian-tor 0 Jun 17 23:08 control=

 [this is 0.2.2.28 + 54d7d31c]

 I would expect the socket to be owned by the user that Tor is running as.

 (Obviously if one adds a second control socket at run time that one gets
 opened/created as and is owned by the tor user).


 This isn't something we need to fix right away, but it does seem wrong.

 Maybe one option is to create unix sockets after dropping privileges.  But
 then we cannot create a socket in a root owned directory that we do not
 have write privileges too.  (I don't think the current check_private_dir()
 check allos for directories like that but it could be argued it should.)

 Another option would be to chown the socket.  I wonder how portable that
 is tho.

 Cheers,

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3421>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #3421 [Tor Client]: control socket owned by root
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #3406 [Torctl]: High memory usage from parse_ns_body
Next by Author: Re: [tor-bugs] #3406 [Torctl]: High memory usage from parse_ns_body
Previous by thread: [tor-bugs] #3420 [Tor Client]: Add some way for starting-up controllers to disable non-controller networking until Tor is running.
Next by thread: Re: [tor-bugs] #3421 [Tor Client]: control socket owned by root
Index(es):
- Author
- Thread