[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #20007 [Core Tor/Tor]: Sandbox causing crash when setting HidServAuth when there is a hidden service running

Subject: Re: [tor-bugs] #20007 [Core Tor/Tor]: Sandbox causing crash when setting HidServAuth when there is a hidden service running
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 08 Sep 2016 11:41:00 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 08 Sep 2016 07:41:11 -0400
In-reply-to: <048.6aee5bb589732e941fdf956b4dab0b21@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <048.6aee5bb589732e941fdf956b4dab0b21@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#20007: Sandbox causing crash when setting HidServAuth when there is a hidden
service running
--------------------------+------------------------------------
 Reporter:  segfault      |          Owner:
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:
Component:  Core Tor/Tor  |        Version:  Tor: 0.2.9.2-alpha
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------
Changes (by segfault):

 * status:  needs_information => new


Old description:

> When the sandbox is enabled and there is a hidden service configured,
> setting HidServAuth via SETCONF results in a permission error.
>
> Steps to reproduce:
>
> Start Tor with a hidden service:
>
> {{{
> /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc
> --RunAsDaemon 0 --Log debug --CookieAuthentication 0  --Sandbox 1
> --HiddenServiceDir /var/lib/tor/hidden_service/ --HiddenServicePort 80 >
> tor.log
> }}}
>
> Try setting HidServAuth via the control port:
>
> {{{
> echo "AUTHENTICATE
> SETCONF HidServAuth=\"prkszpeygn2a3kxo.onion iGwsXkMwZEHuq/0YCD6IGQ\"" |
> nc -U /var/run/tor/control
> }}}
>
> Output:
>
> {{{
> 250 OK
> 513 Unacceptable option value: Failed to configure rendezvous options.
> See logs for details.
> }}}
>
> Log:
>
> {{{
> Aug 27 15:31:55.000 [warn] Directory /var/lib/tor/hidden_service/ cannot
> be read: Permission denied
> Aug 27 15:31:55.000 [warn] Controller gave us config lines that didn't
> validate: Failed to configure rendezvous options. See logs for details.
> }}}
>
> If we start Tor without a hidden service, it works without errors:
>
> {{{
> /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc
> --RunAsDaemon 0 --Log debug --CookieAuthentication 0  --Sandbox 1 >
> tor.log
> }}}
>
> Set HidServAuth via the control port:
>
> {{{
> echo "AUTHENTICATE
> SETCONF HidServAuth=\"prkszpeygn2a3kxo.onion iGwsXkMwZEHuq/0YCD6IGQ\"" |
> nc -U /var/run/tor/control
> }}}
>
> Output:
>
> {{{
> 250 OK
> 250 OK
> }}}

New description:

 When the sandbox is enabled and there is a hidden service configured,
 setting HidServAuth via SETCONF results in a permission error.

 Steps to reproduce:

   Start Tor with a hidden service:

 {{{
 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc
 --RunAsDaemon 0 --Log debug --CookieAuthentication 0  --Sandbox 1
 --HiddenServiceDir /var/lib/tor/hidden_service/ --HiddenServicePort 80
 }}}
   Try setting HidServAuth via the control port:

 {{{
 echo "AUTHENTICATE
 SETCONF HidServAuth=\"prkszpeygn2a3kxo.onion iGwsXkMwZEHuq/0YCD6IGQ\"" |
 nc -U /var/run/tor/control
 }}}
   Output:

 {{{
 250 OK
 513 Unacceptable option value: Failed to configure rendezvous options. See
 logs for details.
 }}}
   Log:

 {{{
 Aug 27 15:31:55.000 [warn] Directory /var/lib/tor/hidden_service/ cannot
 be read: Permission denied
 Aug 27 15:31:55.000 [warn] Controller gave us config lines that didn't
 validate: Failed to configure rendezvous options. See logs for details.
 }}}
 If we start Tor without a hidden service or without the sandbox, it works
 without errors:

   Without hidden service:

 {{{
 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc
 --RunAsDaemon 0 --Log debug --CookieAuthentication 0  --Sandbox 1
 }}}
   or without sandbox:

 {{{
 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc
 --RunAsDaemon 0 --Log debug --CookieAuthentication 0  --Sandbox 0
 --HiddenServiceDir /var/lib/tor/hidden_service/ --HiddenServicePort 80
 }}}
   Set HidServAuth via the control port:

 {{{
 echo "AUTHENTICATE
 SETCONF HidServAuth=\"prkszpeygn2a3kxo.onion iGwsXkMwZEHuq/0YCD6IGQ\"" |
 nc -U /var/run/tor/control
 }}}
   Output:

 {{{
 250 OK
 250 OK
 }}}

--

Comment:

 > What happens when you turn sandbox off and hidden service auth on?
 Without the sandbox it works as expected. I updated the description to
 include this case.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20007#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #20076 [Applications/Tor Launcher]: Tor data directory permissions are too permissive on OS X
Next by Author: Re: [tor-bugs] #19934 [Metrics/CollecTor]: CollecTor should use new metrics-lib json classes
Previous by thread: Re: [tor-bugs] #20007 [Core Tor/Tor]: Sandbox causing crash when setting HidServAuth when there is a hidden service running
Next by thread: Re: [tor-bugs] #20007 [Core Tor/Tor]: Sandbox causing crash when setting HidServAuth when there is a hidden service running
Index(es):
- Author
- Thread