[tor-bugs] #27992 [Core Tor/Tor]: config DataDirectoryGroupReadable 1 is ignored
#27992: config DataDirectoryGroupReadable 1 is ignored
----------------------------------------+------------------------------
Reporter: needle8420 | Owner: (none)
Type: defect | Status: new
Priority: Low | Component: Core Tor/Tor
Version: Tor: 0.3.5.2-alpha | Severity: Minor
Keywords: DataDirectoryGroupReadable | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
----------------------------------------+------------------------------
I'm trying to run ZeroNet over Tor.
I need group access to the DataDirectory for cookie auth,
so /var/lib/tor should have file mode 0750.
Spoiler: see below for workarounds + bugfix.
When I run
# d=$(date +"%F %T"); \
chmod 0750 /var/lib/tor; \
systemctl restart tor; sleep 2; \
journalctl -u tor --since="$d" \
| grep -i permissions; \
stat -c%a /var/lib/tor
I always get
Fixing permissions on directory /var/lib/tor
700
and the datadir ends up with file mode 0700,
so it is not accessible for other users in the tor group
... though in my torrc I set
DataDirectoryGroupReadable 1
# usermod -a -G tor zeronet
# sudo -u zeronet cat /var/lib/tor/control_auth_cookie
cat: /var/lib/tor/control_auth_cookie: Permission denied
The auth cookie file mode is set correctly to 0640
with the config
CookieAuthFileGroupReadable 1
--
workaround 1
run
# chmod 0750 /var/lib/tor
after starting tor
workaround 2
add
CacheDirectoryGroupReadable 1
to your torrc file
workaround 3
add
CacheDirectory /var/lib/tor/cache
to your torrc file
if your cache dir should not be group readable
Why workarounds 2 and 3?
Because the error only happens
if CacheDirectory == DataDirectory,
which is the default config.
--
bugfix
in
src/app/config/config.c
add
if (strcmp(options->KeyDirectory, options->DataDirectory) != 0) {
and
if (strcmp(options->CacheDirectory, options->DataDirectory) != 0) {
around line 1570 and 1590
before calling
check_and_create_data_directory
... and close the parentheses
--
# cat /etc/tor/torrc
Log notice syslog
DataDirectory /var/lib/tor
DataDirectoryGroupReadable 1
ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1
CookieAuthFile /var/lib/tor/control_auth_cookie
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27992>
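
The behaviour reported above, as an added C sketch that is not Tor's source code: a simplified model in which the same path is processed once per option, so the CacheDirectory setting overwrites the mode just chosen for DataDirectory unless the strcmp guard proposed in the ticket is present. The names check_and_fix_dir, apply_dirs, run_case and struct dir_options are hypothetical, and the directories are throwaway ones created under /tmp.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Hypothetical stand-in for the four options involved in the ticket. */
struct dir_options {
    const char *DataDirectory;  int DataDirectoryGroupReadable;
    const char *CacheDirectory; int CacheDirectoryGroupReadable;
};
/* Model of a check-and-create step: force the directory to 0750 or 0700. */
static int check_and_fix_dir(const char *path, int group_readable)
{
    mode_t want = group_readable ? 0750 : 0700;
    struct stat st;
    if (mkdir(path, want) != 0 && (stat(path, &st) != 0 || !S_ISDIR(st.st_mode)))
        return -1;
    return chmod(path, want);
}

/* guard != 0 adds the ticket's strcmp check; returns DataDirectory's mode or -1. */
static int apply_dirs(const struct dir_options *o, int guard)
{
    struct stat st;
    if (check_and_fix_dir(o->DataDirectory, o->DataDirectoryGroupReadable) != 0)
        return -1;
    if ((!guard || strcmp(o->CacheDirectory, o->DataDirectory) != 0) &&
        check_and_fix_dir(o->CacheDirectory, o->CacheDirectoryGroupReadable) != 0)
        return -1;
    return stat(o->DataDirectory, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* One scenario in a constructed temp dir; DataDirectoryGroupReadable is always 1. */
int run_case(int same_dir, int cache_group_readable, int guard)
{
    char base[] = "/tmp/ddgr-XXXXXX", cache[64];
    if (!mkdtemp(base)) return -1;
    snprintf(cache, sizeof cache, "%s%s", base, same_dir ? "" : "/cache");
    struct dir_options o = { base, 1, cache, cache_group_readable };
    int mode = apply_dirs(&o, guard);
    if (!same_dir) rmdir(cache);
    rmdir(base);
    return mode;
}

int main(void)
{
    printf("default %o, guarded %o\n", run_case(1, 0, 0), run_case(1, 0, 1));
    return 0;
}
```

In this model, run_case(1, 1, 0) corresponds to workaround 2 and run_case(0, 0, 0) to workaround 3.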