[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #17562 [Tor]: DataDirectory permissions are too restrictive when using CapabilityBoundingSet or SELinux
#17562: DataDirectory permissions are too restrictive when using
CapabilityBoundingSet or SELinux
------------------------+------------------------------------
Reporter: jamielinux | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version: Tor: unspecified
Severity: Normal | Resolution:
Keywords: tor-core | Actual Points:
Parent ID: | Points:
Sponsor: |
------------------------+------------------------------------
Comment (by jamielinux):
Replying to [comment:2 nickm]:
> Yeah, those capabilities should not be given to Tor. Tor shouldn't
really need anything besides CAP_NET_BIND_SERVICE.
Also `CAP_SETUID`/`CAP_SETGID` for dropping permissions.
> I think that it's probably okay to allow gid == 0 as an exception for
when group readable is okay? Not 100% sure there, for all I know there's
some horrible unix where gid 0 is unprivileged. (Is that possible?)
That would be horrific.
> I'm not too thrilled with changing the default permissions, though:
those are locked down for a pretty solid reason. If we'd like to
override that, I'd prefer to have it be based on an option than having it
be always-750.
I agree. I propose an alternative patch for it to be optional instead.
Distribution packagers or administrators who want to use
CapabilityBoundingSet or SELinux (or some other MAC) can create a
DataDirectory with the 0750 TorUser:root permissions.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17562#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs