[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #3747 [Tor Client]: Tor can't create the ControlPortWriteToFile file if it is to be placed into the not-yet-existant datadir
#3747: Tor can't create the ControlPortWriteToFile file if it is to be placed into
the not-yet-existant datadir
------------------------+---------------------------------------------------
Reporter: Sebastian | Owner:
Type: defect | Status: new
Priority: major | Milestone: Tor: 0.2.2.x-final
Component: Tor Client | Version:
Keywords: | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by rransom):
Replying to [comment:1 nickm]:
> The rationale there is indeed that we want to do the port-binding stuff
before we drop privileges, and we want to be poking at the FS as little as
possible until _after_ we drop privileges. (For example, if this were
running as root and then calling setuid() to "tor-daemon", and we created
the data directory as root, then we would create a datadir that "tor-
daemon" couldn't read, unless we knew how to chown it, which I don't think
we currently do.)
>
> For 0.2.2.x, I think I'd prefer the smallest & most isolated fix that
could work. Perhaps, if writing to the file fails, retry it at some later
point during the startup process? Or is there something even simpler?
Creating `port.conf` as root is a security bug -- an attacker with write
access to Tor's DataDirectory could put a symlink to `/etc/passwd` where
Tor wants to write `port.conf`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3747#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs