Re: [tor-bugs] #28356 [Core Tor/Tor]: DataDirectoryGroupReadable and CacheDirectoryGroupReadable conflicts forcing sandboxed Tor to crash

2019-02-19 Thread Tor Bug Tracker & Wiki 
#28356: DataDirectoryGroupReadable and CacheDirectoryGroupReadable conflicts
forcing sandboxed Tor to crash
-+-
 Reporter:  wagon|  Owner:  (none)
 Type:  defect   | Status:
 |  assigned
 Priority:  High |  Milestone:  Tor:
 |  0.4.0.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.4.9
 Severity:  Normal   | Resolution:
 Keywords:  tor-crash, regression, 040-roadmap-  |  Actual Points:
  proposed, 035-backport, 034-backport, 033  |
  -backport-maybe, 029-backport-maybe, 035-can,  |
  postfreeze-ok  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gaba):

 * owner:  arma => (none)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28356 [Core Tor/Tor]: DataDirectoryGroupReadable and CacheDirectoryGroupReadable conflicts forcing sandboxed Tor to crash

2019-01-07 Thread Tor Bug Tracker & Wiki 
#28356: DataDirectoryGroupReadable and CacheDirectoryGroupReadable conflicts
forcing sandboxed Tor to crash
-+-
 Reporter:  wagon|  Owner:  arma
 Type:  defect   | Status:
 |  assigned
 Priority:  High |  Milestone:  Tor:
 |  0.4.0.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.4.9
 Severity:  Normal   | Resolution:
 Keywords:  tor-crash, regression, 040-roadmap-  |  Actual Points:
  proposed, 035-backport, 034-backport, 033  |
  -backport-maybe, 029-backport-maybe, 035-can   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * keywords:
 tor-crash, regression, 035-roadmap-proposed, 035-backport,
 034-backport, 033-backport-maybe, 029-backport-maybe, 035-can
 =>
 tor-crash, regression, 040-roadmap-proposed, 035-backport,
 034-backport, 033-backport-maybe, 029-backport-maybe, 035-can
 * milestone:  Tor: 0.3.5.x-final => Tor: 0.4.0.x-final


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28356 [Core Tor/Tor]: DataDirectoryGroupReadable and CacheDirectoryGroupReadable conflicts forcing sandboxed Tor to crash

2019-01-04 Thread Tor Bug Tracker & Wiki 
#28356: DataDirectoryGroupReadable and CacheDirectoryGroupReadable conflicts
forcing sandboxed Tor to crash
-+-
 Reporter:  wagon|  Owner:  arma
 Type:  defect   | Status:
 |  assigned
 Priority:  High |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.4.9
 Severity:  Normal   | Resolution:
 Keywords:  tor-crash, regression, 035-roadmap-  |  Actual Points:
  proposed, 035-backport, 034-backport, 033  |
  -backport-maybe, 029-backport-maybe, 035-can   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by wagon):

 Should milestone be changed to 0.4.0.x? 0.3.5.x is already in rc state.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28356 [Core Tor/Tor]: DataDirectoryGroupReadable and CacheDirectoryGroupReadable conflicts forcing sandboxed Tor to crash

2018-12-19 Thread Tor Bug Tracker & Wiki 
#28356: DataDirectoryGroupReadable and CacheDirectoryGroupReadable conflicts
forcing sandboxed Tor to crash
-+-
 Reporter:  wagon|  Owner:  arma
 Type:  defect   | Status:
 |  assigned
 Priority:  High |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.4.9
 Severity:  Normal   | Resolution:
 Keywords:  tor-crash, regression, 035-roadmap-  |  Actual Points:
  proposed, 035-backport, 034-backport, 033  |
  -backport-maybe, 029-backport-maybe, 035-can   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by wagon):

 > what's the goal to be able to read directory's content, bit be unable to
 read any file inside it?
 I'll
 [[http://ea5faa5po25cf7fb.onion/projects/tor/ticket/28877#comment:3|quote]]
 atagar:
 > any direct use of tor's data directory is a bad idea
 Do we have anything useful that can be obtained only from Tor data
 directory directly, i.e. cannot be learnt from `ControlPort`? Some
 historical data about guard use written in `state` file?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28356 [Core Tor/Tor]: DataDirectoryGroupReadable and CacheDirectoryGroupReadable conflicts forcing sandboxed Tor to crash

2018-11-07 Thread Tor Bug Tracker & Wiki 
#28356: DataDirectoryGroupReadable and CacheDirectoryGroupReadable conflicts
forcing sandboxed Tor to crash
-+-
 Reporter:  wagon|  Owner:  arma
 Type:  defect   | Status:
 |  assigned
 Priority:  High |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.4.9
 Severity:  Normal   | Resolution:
 Keywords:  tor-crash, regression, 035-roadmap-  |  Actual Points:
  proposed, 035-backport, 034-backport, 033  |
  -backport-maybe, 029-backport-maybe|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by wagon):

 Does `/run/tor` has more privileges than necessary? Defaults:

 {{{
 # ll /run/tor | awk '{print $1,$3,$4,$5,$9}' | column -t
 total
 drwxr-sr-x  debian-tor  debian-tor  120  ./
 drwxr-xr-x  rootroot420  ../
 srw-rw  debian-tor  debian-tor  0control=
 -rw-r-  debian-tor  debian-tor  32   control.authcookie
 srw-rw-rw-  debian-tor  debian-tor  0socks=
 -rw-r--r--  debian-tor  debian-tor  6tor.pid
 }}}

 Many system services successfully run with `chmod o-rwx
 /run/name_of_service`. Is there any reason why any user on the system
 should be able to read the content of `/run/tor` directory and `tor.pid`
 file, `socks`, etc? Any user who needs it, should be either `root` or be
 in `debian-tor` group. Do I miss something?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28356 [Core Tor/Tor]: DataDirectoryGroupReadable and CacheDirectoryGroupReadable conflicts forcing sandboxed Tor to crash

2018-11-07 Thread Tor Bug Tracker & Wiki 
#28356: DataDirectoryGroupReadable and CacheDirectoryGroupReadable conflicts
forcing sandboxed Tor to crash
-+-
 Reporter:  wagon|  Owner:  arma
 Type:  defect   | Status:
 |  assigned
 Priority:  High |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.4.9
 Severity:  Normal   | Resolution:
 Keywords:  tor-crash, regression, 035-roadmap-  |  Actual Points:
  proposed, 035-backport, 034-backport, 033  |
  -backport-maybe, 029-backport-maybe|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by wagon):

 == Problem 4

 We have similar problem with Tor logs. Default permissions are:

 {{{
 # ls -la /var/log/tor | awk '{print $1,$3,$4,$5,$9}' | column -t
 total
 drwxr-s---  debian-tor  adm   4096  ./
 drwxr-xr-x  rootroot  4096  ../
 -rw-r--r--  debian-tor  adm   0 log
 }}}

 Since the default group is not `debian-tor`, user in `debian-tor` group
 (e.g., user which uses Nyx) cannot  list a content of `log` file. By
 default, Nyx wants to print its content. So, now, if we want Tor logs
 shown in Nyx, we have either to change the group manually (which is not
 good) or run Nyx under `debian-tor` user (which is
 [[https://trac.torproject.org/projects/tor/ticket/25890|not recommended]]
 too).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28356 [Core Tor/Tor]: DataDirectoryGroupReadable and CacheDirectoryGroupReadable conflicts forcing sandboxed Tor to crash

2018-11-07 Thread Tor Bug Tracker & Wiki 
#28356: DataDirectoryGroupReadable and CacheDirectoryGroupReadable conflicts
forcing sandboxed Tor to crash
-+-
 Reporter:  wagon|  Owner:  arma
 Type:  defect   | Status:
 |  assigned
 Priority:  High |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.4.9
 Severity:  Normal   | Resolution:
 Keywords:  tor-crash, regression, 035-roadmap-  |  Actual Points:
  proposed, 035-backport, 034-backport, 033  |
  -backport-maybe, 029-backport-maybe|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * keywords:   =>
 tor-crash, regression, 035-roadmap-proposed, 035-backport,
 034-backport, 033-backport-maybe, 029-backport-maybe
 * priority:  Medium => High
 * milestone:   => Tor: 0.3.5.x-final


Comment:

 Thanks for this bug report. Unexpected crashes are bad. We'll get on to
 fixing this.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #28356 [Core Tor/Tor]: DataDirectoryGroupReadable and CacheDirectoryGroupReadable conflicts forcing sandboxed Tor to crash

2018-11-07 Thread Tor Bug Tracker & Wiki 
#28356: DataDirectoryGroupReadable and CacheDirectoryGroupReadable conflicts
forcing sandboxed Tor to crash
--+--
 Reporter:  wagon |  Owner:  arma
 Type:  defect| Status:  assigned
 Priority:  Medium|  Component:  Core Tor/Tor
  Version:  Tor: 0.3.4.9  |   Severity:  Normal
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
 == Problem 1

 By default `DataDirectory` and `CacheDirectory` is the same. On Debian it
 is `/var/lib/tor`. If you set `DataDirectoryGroupReadable 1` in `torrc`
 (and forget about `CacheDirectoryGroupReadable`) and then restart Tor, you
 expect granting permissions to this directory. However, Tor will not do
 that, but change `drwx--S---` permission to `drwx--` for this
 directory (which is itself not logical---removing permissions instead of
 granting them). Tor will also issue a warning:

 {{{
 [warn] Fixing permissions on directory /var/lib/tor
 }}}

 Later this warning will be repeated at each startup of Tor. I think that
 this warning should be improved, e.g.:

 {{{
 [warn or err] DataDirectoryGroupReadable and CacheDirectoryGroupReadable
 links to the same directory. You have to set both of them to 1 of both of
 them to 0.
 }}}

 Maybe you have another suggestion (e.g., if any of these options is 1,
 another is 1 too). `man torrc` doesn't tell anything about this conflict.
 It should be addressed in man page too.

 == Problem 2

 The situation is worse when your `torrc` has `Sandbox` enabled:

 {{{
 DataDirectoryGroupReadable 1
 CacheDirectoryGroupReadable 1
 Sandbox 1
 }}}

 In this case Tor successfully starts, but if you issue `SIGNAL RELOAD`
 command (e.g., using `tor-prompt`), Tor immediately crashes with the log:

 {{{
  T= XX
 (Sandbox) Caught a bad syscall attempt (syscall chmod)
 /usr/bin/tor(+0x1a4d66)[0x556326474d66]
 /lib/x86_64-linux-gnu/libc.so.6(chmod+0x7)[0x7f63c91b4807]
 /lib/x86_64-linux-gnu/libc.so.6(chmod+0x7)[0x7f63c91b4807]
 /usr/bin/tor(+0xfafed)[0x5563263cafed]
 /usr/bin/tor(set_options+0x2ed)[0x5563263d42dd]
 /usr/bin/tor(options_init_from_string+0x4c7)[0x5563263d6d97]
 /usr/bin/tor(options_init_from_torrc+0x471)[0x5563263d72f1]
 /usr/bin/tor(+0x55531)[0x556326325531]
 /usr/lib/x86_64-linux-
 gnu/libevent-2.0.so.5(event_base_loop+0xe35)[0x7f63ca776a15]
 /usr/bin/tor(do_main_loop+0x25f)[0x556326325e3f]
 /usr/bin/tor(tor_run_main+0x1165)[0x556326328315]
 /usr/bin/tor(tor_main+0x3a)[0x55632632032a]
 /usr/bin/tor(main+0x19)[0x556326320099]
 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7f63c90fab45]
 /usr/bin/tor(+0x500e9)[0x5563263200e9]
 }}}

 Should `Sandbox` be in conflict with these option? If yes, this should be
 documented in man page, and Tor has to complain an error during startup.

 == Problem 3

 Suppose, you disable `Sandbox`, but keep the options
 `DataDirectoryGroupReadable` and `CacheDirectoryGroupReadable` in place.
 During start Tor sets directory permissions to `drwxr-x---` allowing
 `debian-tor` group to list files.

 If you later grant read access to any file in this directory, Tor will
 remove this access soon. E.g., `state` file loses its group read
 permission at each Tor's startup. Other files may lose it less frequently.
 We are trapped in the situation where `DataDirectoryGroupReadable` and
 `CacheDirectoryGroupReadable` are useless: what's the goal to be able to
 read directory's content, bit be unable to read any file inside it?

 Earlier it was in less conflict with different tools which control Tor,
 because it was recommended to run each tool on behalf of `debian-tor`
 user. Now it is recommended to run it from another user who is a member of
 `debian-tor` group (see discussion in
 [[https://trac.torproject.org/projects/tor/ticket/25890|#25890]]), but
 "group approach" also fails...

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs