[tor-dev] Re: can tor use secondary groups to read FamilyKeyDirectory?
On Tue, Apr 08, 2025 at 08:32:24AM -0400, Nick Mathewson via tor-dev wrote:
> > Is tor able to use secondary groups?
>
> Hm. In src/lib/process.setuid.c, it looks like we're only calling
> setgroups() with a single gid from the password database, not with any
> additional groups. So I don't think the C tor implementation is set
> up to handle _switching_ to secondary groups when you're telling it to
> setuid.

I believe that choice was intentional because of security, long ago.

The man page for the User torrc option says "On startup, setuid to this
user and setgid to their primary group."

More details at https://bugs.torproject.org/tpo/core/tor/848
including some useful insights from Steven Murdoch at the time.

--Roger
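
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not tor's own code: a privilege drop that keeps only the primary group, and a POSIX permission-class check showing why a directory reachable only through a secondary group stops being readable afterwards. The function names and the uid/gid/mode values are hypothetical and constructed for illustration.

```c
#define _DEFAULT_SOURCE /* for setgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdbool.h>
#include <stddef.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* POSIX-style class check: may a process with this uid and group set
 * list and enter a directory with the given owner, group and mode?
 * Ignores ACLs, capabilities and root's override. */
bool can_read_dir(uid_t uid, const gid_t *groups, size_t ngroups,
                  uid_t dir_uid, gid_t dir_gid, mode_t mode)
{
    if (uid == dir_uid) /* owner class only, even if it grants less */
        return (mode & S_IRUSR) && (mode & S_IXUSR);
    for (size_t i = 0; i < ngroups; i++)
        if (groups[i] == dir_gid) /* group class */
            return (mode & S_IRGRP) && (mode & S_IXGRP);
    return (mode & S_IROTH) && (mode & S_IXOTH); /* other class */
}

/* Drop from root to `name`, keeping only the primary group.
 * Order matters: groups first, then gid, then uid. Returns 0 on success. */
int drop_to_primary_group_only(const char *name)
{
    struct passwd *pw = getpwnam(name);
    if (!pw)
        return -1;
    gid_t only = pw->pw_gid;
    if (setgroups(1, &only) != 0) /* supplementary list := {primary gid} */
        return -1;
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
        return -1;
    if (pw->pw_uid != 0 && setuid(0) == 0) /* regaining root must fail */
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed case: dir root:2000 mode 0750; uid 1001 has gid 2000 only as a secondary group. */
    gid_t primary_only[] = {1001}, with_secondary[] = {1001, 2000};
    bool a = can_read_dir(1001, primary_only, 1, 0, 2000, 0750);
    bool b = can_read_dir(1001, with_secondary, 2, 0, 2000, 0750);
    return (!a && b) ? 0 : 1;
}
```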