Re: [tor-bugs] #28356 [Core Tor/Tor]: DataDirectoryGroupReadable and CacheDirectoryGroupReadable conflicts forcing sandboxed Tor to crash
#28356: DataDirectoryGroupReadable and CacheDirectoryGroupReadable conflicts
forcing sandboxed Tor to crash
-------------------------------------------------+-------------------------
Reporter: wagon                                  | Owner: arma
Type: defect                                     | Status: assigned
Priority: High                                   | Milestone: Tor: 0.3.5.x-final
Component: Core Tor/Tor                          | Version: Tor: 0.3.4.9
Severity: Normal                                 | Resolution:
Keywords: tor-crash, regression,                 | Actual Points:
  035-roadmap-proposed, 035-backport,            |
  034-backport, 033-backport-maybe,              |
  029-backport-maybe                             |
Parent ID:                                       | Points:
Reviewer:                                        | Sponsor:
-------------------------------------------------+-------------------------
Comment (by wagon):
Does `/run/tor` have more privileges than necessary? Defaults:
{{{
# ll /run/tor | awk '{print $1,$3,$4,$5,$9}' | column -t
total
drwxr-sr-x debian-tor debian-tor 120 ./
drwxr-xr-x root root 420 ../
srw-rw---- debian-tor debian-tor 0 control=
-rw-r----- debian-tor debian-tor 32 control.authcookie
srw-rw-rw- debian-tor debian-tor 0 socks=
-rw-r--r-- debian-tor debian-tor 6 tor.pid
}}}
Many system services successfully run with `chmod o-rwx
/run/name_of_service`. Is there any reason why any user on the system
should be able to read the content of the `/run/tor` directory and the
`tor.pid` file, `socks`, etc.? Any user who needs it should be either
`root` or in the `debian-tor` group. Am I missing something?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28356#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
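
The check the comment asks about can be run against any service's runtime directory. The script below is an added example, not part of the original message or of Tor's code: it lists the entries that still grant access to "other". The function names and the sample tree are constructed for illustration, and regular files stand in for the two sockets.

```sh
#!/bin/sh
# Added example: which entries of a runtime directory still grant access
# to "other", i.e. what `chmod o-rwx` would take away.

# other_bits PATH: the three "other" characters of the ls mode string.
other_bits() {
    ls -ld -- "$1" | cut -c8-10
}

# audit_other DIR: print "<bits> <name>" for DIR itself (as ".") and for
# each direct child with any o+rwx bit set. Symlinks are skipped because
# their own mode is always rwxrwxrwx and says nothing about the target.
audit_other() {
    dir=$1
    for p in "$dir" "$dir"/* "$dir"/.[!.]*; do
        [ -e "$p" ] || continue              # glob that matched nothing
        [ -L "$p" ] && continue
        bits=$(other_bits "$p")
        case $bits in
            ---|--T) ;;                      # nothing for other (T: sticky only)
            *)  name=${p#"$dir"/}
                [ "$p" = "$dir" ] && name=.
                printf '%s %s\n' "$bits" "$name" ;;
        esac
    done
    return 0
}

# make_sample: constructed stand-in for the listing in the comment.
# Regular files replace the sockets; only the mode bits matter here.
make_sample() {
    d=$(mktemp -d) || return 1
    touch "$d/control" "$d/control.authcookie" "$d/socks" "$d/tor.pid"
    chmod 660 "$d/control";  chmod 640 "$d/control.authcookie"
    chmod 666 "$d/socks";    chmod 644 "$d/tor.pid"
    chmod 2755 "$d"
    printf '%s\n' "$d"
}

# Demo: before and after the restriction the comment proposes.
sample=$(make_sample)
echo "before:"; audit_other "$sample"
chmod o-rwx "$sample" "$sample"/*
echo "after:";  audit_other "$sample"
rm -rf "$sample"
```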