[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3629 [arm]: Arm/Tor Deb Torrc Configuration

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #3629 [arm]: Arm/Tor Deb Torrc Configuration
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Sat, 23 Jul 2011 01:12:54 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 22 Jul 2011 21:13:06 -0400
In-reply-to: <046.ae58f34a83af921e4de17630f2bf7532@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.ae58f34a83af921e4de17630f2bf7532@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#3629: Arm/Tor Deb Torrc Configuration
-------------------------+--------------------------------------------------
 Reporter:  atagar       |          Owner:  ioerror
     Type:  enhancement  |         Status:  new    
 Priority:  normal       |      Milestone:         
Component:  arm          |        Version:         
 Keywords:               |         Parent:         
   Points:               |   Actualpoints:         
-------------------------+--------------------------------------------------

Comment(by ioerror):

 That permission issue was Sebastian's point. I agree entirely. I'm
 surprised that install lets you install something unsafely without forcing
 it...

 I'd also add that there two main things to review here.

 The first is the Python program - is it safe to call with sudo or as root?
 If so, great; if not, I'd like to fix that. Does it properly exit if
 you're not in the right t group, regardless of if you're root or not? I
 believe so.

 The second is the C program that invokes the Python program. I believe it
 is a very simple setuid wrapper that has a very small attack surface. The
 OS that grants the setuid bit also ensures that it is only possible to
 execute the program if your user is in the right group. I believe this is
 actually safer than sudo but obviously at the cost of being less flexible.
 sudo does not have checking for group membership like this - it only
 checks an internal filter; the OS is consulted but not until after
 execve().

 Here's sudo from an Ubuntu system:
 {{{
 -rwsr-xr-x 2 root root 165K 2011-05-30 02:06 /usr/bin/sudo
 }}}

 Anyone can call that on the system and it's up to sudo to ensure that it's
 safe. As we know from the history of sudo, it's hasn't always done the job
 properly. It's a tough job, obviously.

 The python program contains similar internal checks but they're hard coded
 at install time to match the group that can call the program at all. This
 should prevent the python program from running if you're not supposed to
 run it and should be rather graceful in general.

 Thoughts?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3629#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #3629 [arm]: Arm/Tor Deb Torrc Configuration
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #3629 [arm]: Arm/Tor Deb Torrc Configuration
Next by Author: Re: [tor-bugs] #3630 [Tor Relay]: Reduce token bucket refill interval
Previous by thread: Re: [tor-bugs] #3629 [arm]: Arm/Tor Deb Torrc Configuration
Next by thread: Re: [tor-bugs] #3629 [arm]: Arm/Tor Deb Torrc Configuration
Index(es):
- Author
- Thread