
[tor-bugs] #14322 [Torsocks]: torsocks fails to wrap setcap binaries



#14322: torsocks fails to wrap setcap binaries
-----------------------------------------------+-------------------------
 Reporter:  cypherpunks                        |          Owner:  dgoulet
     Type:  defect                             |         Status:  new
 Priority:  normal                             |      Milestone:
Component:  Torsocks                           |        Version:
 Keywords:  setcap setuid LD_PRELOAD torsocks  |  Actual Points:
Parent ID:                                     |         Points:
-----------------------------------------------+-------------------------
 the Linux 'capabilities' library for allowing non-root users to perform
 tasks which normally require elevated privileges.

 at present the torsocks wrappers have checked for setuid and setgid flags
 on the binaries it executes and failed closed, throwing an error if this
 occurs, however there is currently no check to see if the binaries have
 capabilities applied.

 in the case where they do, the LD_PRELOAD set by torsocks is stripped and
 the program will execute with no warning and without the torsocks wrapper.

 as an example of this, the current 'ping' command on my Linux is setcap:

 $ getcap `which ping`
 /usr/bin/ping = cap_net_raw+ep
 $ torsocks ping -c 1 torproject.org
 PING torproject.org (82.195.75.101) 56(84) bytes of data.
 64 bytes from 82.195.75.101: icmp_seq=1 ttl=50 time=38.1 ms

 the install script which does setcap || setuid here:
 https://projects.archlinux.org/svntogit/packages.git/tree/trunk/iputils.install?h=packages/iputils

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14322>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
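
A fail-closed check covering the gap the ticket describes, as an added example that is not torsocks code and not part of the original report. The helper name `preload_strip_reasons` and the `PRIV_*` flags are hypothetical; it assumes Linux, where file capabilities are stored in the `security.capability` extended attribute.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/xattr.h>

/* Reasons the dynamic loader would ignore LD_PRELOAD for a binary. */
#define PRIV_SETUID  0x1
#define PRIV_SETGID  0x2
#define PRIV_FILECAP 0x4

/*
 * Hypothetical helper (not torsocks code): returns a bitmask of PRIV_*
 * flags for `path`, or -1 if the file cannot be inspected. A wrapper
 * should refuse to run the target on any non-zero result, -1 included.
 */
int preload_strip_reasons(const char *path)
{
    struct stat st;
    int reasons = 0;
    ssize_t n;

    if (stat(path, &st) != 0)
        return -1;
    if (st.st_mode & S_ISUID)
        reasons |= PRIV_SETUID;
    if (st.st_mode & S_ISGID)
        reasons |= PRIV_SETGID;

    /* File capabilities live in the security.capability xattr; a size
     * query (NULL buffer, size 0) is enough to learn whether it is set. */
    n = getxattr(path, "security.capability", NULL, 0);
    if (n > 0)
        reasons |= PRIV_FILECAP;
    else if (n < 0 && errno != ENODATA && errno != ENOTSUP)
        return -1; /* unknown state: fail closed */
    return reasons;
}

int main(int argc, char **argv)
{
    int r = argc > 1 ? preload_strip_reasons(argv[1]) : -1;
    if (r != 0) {
        fprintf(stderr, "refusing to wrap: privileged or unreadable target (%d)\n", r);
        return 1;
    }
    puts("no setuid, setgid or file capabilities found");
    return 0;
}
```

Run against the `ping` binary from the report, the `cap_net_raw+ep` capability would set `PRIV_FILECAP` and the wrapper would stop instead of running the program unwrapped.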