[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #20007 [Core Tor/Tor]: Sandbox causing crash when setting HidServAuth when there is a hidden service running
#20007: Sandbox causing crash when setting HidServAuth when there is a hidden
service running
--------------------------+------------------------------------
Reporter: segfault | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version: Tor: 0.2.9.2-alpha
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------------
Changes (by segfault):
* status: needs_information => new
Old description:
> When the sandbox is enabled and there is a hidden service configured,
> setting HidServAuth via SETCONF results in a permission error.
>
> Steps to reproduce:
>
> Start Tor with a hidden service:
>
> {{{
> /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc
> --RunAsDaemon 0 --Log debug --CookieAuthentication 0 --Sandbox 1
> --HiddenServiceDir /var/lib/tor/hidden_service/ --HiddenServicePort 80 >
> tor.log
> }}}
>
> Try setting HidServAuth via the control port:
>
> {{{
> echo "AUTHENTICATE
> SETCONF HidServAuth=\"prkszpeygn2a3kxo.onion iGwsXkMwZEHuq/0YCD6IGQ\"" |
> nc -U /var/run/tor/control
> }}}
>
> Output:
>
> {{{
> 250 OK
> 513 Unacceptable option value: Failed to configure rendezvous options.
> See logs for details.
> }}}
>
> Log:
>
> {{{
> Aug 27 15:31:55.000 [warn] Directory /var/lib/tor/hidden_service/ cannot
> be read: Permission denied
> Aug 27 15:31:55.000 [warn] Controller gave us config lines that didn't
> validate: Failed to configure rendezvous options. See logs for details.
> }}}
>
> If we start Tor without a hidden service, it works without errors:
>
> {{{
> /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc
> --RunAsDaemon 0 --Log debug --CookieAuthentication 0 --Sandbox 1 >
> tor.log
> }}}
>
> Set HidServAuth via the control port:
>
> {{{
> echo "AUTHENTICATE
> SETCONF HidServAuth=\"prkszpeygn2a3kxo.onion iGwsXkMwZEHuq/0YCD6IGQ\"" |
> nc -U /var/run/tor/control
> }}}
>
> Output:
>
> {{{
> 250 OK
> 250 OK
> }}}
New description:
When the sandbox is enabled and there is a hidden service configured,
setting HidServAuth via SETCONF results in a permission error.
Steps to reproduce:
Start Tor with a hidden service:
{{{
/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc
--RunAsDaemon 0 --Log debug --CookieAuthentication 0 --Sandbox 1
--HiddenServiceDir /var/lib/tor/hidden_service/ --HiddenServicePort 80
}}}
Try setting HidServAuth via the control port:
{{{
echo "AUTHENTICATE
SETCONF HidServAuth=\"prkszpeygn2a3kxo.onion iGwsXkMwZEHuq/0YCD6IGQ\"" |
nc -U /var/run/tor/control
}}}
Output:
{{{
250 OK
513 Unacceptable option value: Failed to configure rendezvous options. See
logs for details.
}}}
Log:
{{{
Aug 27 15:31:55.000 [warn] Directory /var/lib/tor/hidden_service/ cannot
be read: Permission denied
Aug 27 15:31:55.000 [warn] Controller gave us config lines that didn't
validate: Failed to configure rendezvous options. See logs for details.
}}}
If we start Tor without a hidden service or without the sandbox, it works
without errors:
Without hidden service:
{{{
/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc
--RunAsDaemon 0 --Log debug --CookieAuthentication 0 --Sandbox 1
}}}
or without sandbox:
{{{
/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc
--RunAsDaemon 0 --Log debug --CookieAuthentication 0 --Sandbox 0
--HiddenServiceDir /var/lib/tor/hidden_service/ --HiddenServicePort 80
}}}
Set HidServAuth via the control port:
{{{
echo "AUTHENTICATE
SETCONF HidServAuth=\"prkszpeygn2a3kxo.onion iGwsXkMwZEHuq/0YCD6IGQ\"" |
nc -U /var/run/tor/control
}}}
Output:
{{{
250 OK
250 OK
}}}
--
Comment:
> What happens when you turn sandbox off and hidden service auth on?
Without the sandbox it works as expected. I updated the description to
include this case.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20007#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs