Package: tor
Version: 0.2.5.10-1
Severity: normal

Please consider removing the line

    #include <abstractions/nameservice>

from /etc/apparmor.d/abstractions/tor. In my testing tor seems to
function just fine without it; I haven't seen any errors reported to
audit.log or tor's own log. The nameserver abstraction grants access
to e.g. /etc/passwd that could reveal the identity of the owner of the
machine.

Please note that I've only tested the basic functionality of tor - not
any pluggable transports, etc. If those require direct access to DNS,
perhaps leave the nameservice abstraction but deny access to files
such as /etc/{passwd,group,etc} that should not be needed in any use
case?

Also, is access to /etc/localtime (in abstractions/base) really needed?

Best regards, Henrik
-- System Information:
Debian Release: jessie/sid
APT prefers testing-updates
APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages tor depends on:
ii adduser 3.113+nmu3
ii libc6 2.19-13
ii libevent-2.0-5 2.0.21-stable-1.1
ii libseccomp2 2.1.1-1
ii libssl1.0.0 1.0.1j-1
ii lsb-base 4.1+Debian13+nmu1
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages tor recommends:
ii logrotate 3.8.7-1+b1
ii tor-geoipdb 0.2.5.10-1
ii torsocks 2.0.0-3
Versions of packages tor suggests:
ii apparmor-utils 2.9.0-2
pn mixmaster <none>
pn obfsproxy <none>
pn polipo | privoxy <none>
pn socat <none>
pn tor-arm <none>
pn xul-ext-torbutton <none>
-- Configuration Files:
/etc/apparmor.d/abstractions/tor changed [not included]
/etc/tor/torrc changed [not included]
-- no debconf information
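
Added example, not part of the original report: one way to check audit.log for AppArmor denials against the tor profile after removing an abstraction, so that a missing rule shows up as a path rather than as a silent failure. The profile name `system_tor`, the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample audit.log lines (not from the report). The profile name
# "system_tor", pids and timestamps are assumptions for illustration.
SAMPLE_LOG = '''\
type=AVC msg=audit(1416500000.101:210): apparmor="DENIED" operation="open" profile="system_tor" name="/etc/passwd" pid=1412 comm="tor" requested_mask="r" denied_mask="r" fsuid=106 ouid=0
type=AVC msg=audit(1416500000.102:211): apparmor="DENIED" operation="open" profile="system_tor" name="/etc/nsswitch.conf" pid=1412 comm="tor" requested_mask="r" denied_mask="r" fsuid=106 ouid=0
type=AVC msg=audit(1416500003.554:215): apparmor="ALLOWED" operation="open" profile="system_tor" name="/etc/localtime" pid=1412 comm="tor" requested_mask="r" denied_mask="r" fsuid=106 ouid=0
type=AVC msg=audit(1416500007.900:219): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/passwd" pid=877 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1416500009.001:220): apparmor="DENIED" operation="open" profile="system_tor" name="/etc/passwd" pid=1412 comm="tor" requested_mask="r" denied_mask="r" fsuid=106 ouid=0
'''

FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')
HEX = re.compile(r'(?:[0-9A-Fa-f]{2})+')

def parse_record(line):
    """Split one audit record into key/value fields."""
    fields = {}
    for key, raw, quoted in FIELD.findall(line):
        if raw.startswith('"'):
            fields[key] = quoted
        elif key == "name" and HEX.fullmatch(raw):
            # audit hex-encodes names containing spaces or special characters
            fields[key] = bytes.fromhex(raw).decode("utf-8", "replace")
        else:
            fields[key] = raw
    return fields

def denials(log_text, profile):
    """Count (operation, path, denied_mask) for DENIED events of one profile."""
    counts = Counter()
    for line in log_text.splitlines():
        if "apparmor=" not in line:
            continue
        rec = parse_record(line)
        # ALLOWED records come from complain mode and are not enforcement hits
        if rec.get("apparmor") != "DENIED" or rec.get("profile") != profile:
            continue
        counts[(rec.get("operation"), rec.get("name"), rec.get("denied_mask"))] += 1
    return counts

if __name__ == "__main__":
    for (op, path, mask), n in denials(SAMPLE_LOG, "system_tor").most_common():
        print(f"{n:3d}  {op:6s} {mask:3s} {path}")
```
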