#20007: Sandbox causing crash when setting HidServAuth when there is a hidden service running
--------------------------+------------------------------------
 Reporter:  segfault      |          Owner:
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:
Component:  Core Tor/Tor  |        Version:  Tor: 0.2.9.2-alpha
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------
Changes (by segfault):

 * status:  needs_information => new

Old description:

> When the sandbox is enabled and there is a hidden service configured,
> setting HidServAuth via SETCONF results in a permission error.
>
> Steps to reproduce:
>
> Start Tor with a hidden service:
>
> {{{
> /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc \
>   --RunAsDaemon 0 --Log debug --CookieAuthentication 0 --Sandbox 1 \
>   --HiddenServiceDir /var/lib/tor/hidden_service/ --HiddenServicePort 80 > tor.log
> }}}
>
> Try setting HidServAuth via the control port:
>
> {{{
> echo "AUTHENTICATE
> SETCONF HidServAuth=\"prkszpeygn2a3kxo.onion iGwsXkMwZEHuq/0YCD6IGQ\"" | nc -U /var/run/tor/control
> }}}
>
> Output:
>
> {{{
> 250 OK
> 513 Unacceptable option value: Failed to configure rendezvous options. See logs for details.
> }}}
>
> Log:
>
> {{{
> Aug 27 15:31:55.000 [warn] Directory /var/lib/tor/hidden_service/ cannot be read: Permission denied
> Aug 27 15:31:55.000 [warn] Controller gave us config lines that didn't validate: Failed to configure rendezvous options. See logs for details.
> }}}
>
> If we start Tor without a hidden service, it works without errors:
>
> {{{
> /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc \
>   --RunAsDaemon 0 --Log debug --CookieAuthentication 0 --Sandbox 1 > tor.log
> }}}
>
> Set HidServAuth via the control port:
>
> {{{
> echo "AUTHENTICATE
> SETCONF HidServAuth=\"prkszpeygn2a3kxo.onion iGwsXkMwZEHuq/0YCD6IGQ\"" | nc -U /var/run/tor/control
> }}}
>
> Output:
>
> {{{
> 250 OK
> 250 OK
> }}}

New description:

When the sandbox is enabled and there is a hidden service configured,
setting HidServAuth via SETCONF results in a permission error.

Steps to reproduce:

Start Tor with a hidden service:

{{{
/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc \
  --RunAsDaemon 0 --Log debug --CookieAuthentication 0 --Sandbox 1 \
  --HiddenServiceDir /var/lib/tor/hidden_service/ --HiddenServicePort 80
}}}

Try setting HidServAuth via the control port:

{{{
echo "AUTHENTICATE
SETCONF HidServAuth=\"prkszpeygn2a3kxo.onion iGwsXkMwZEHuq/0YCD6IGQ\"" | nc -U /var/run/tor/control
}}}

Output:

{{{
250 OK
513 Unacceptable option value: Failed to configure rendezvous options. See logs for details.
}}}

Log:

{{{
Aug 27 15:31:55.000 [warn] Directory /var/lib/tor/hidden_service/ cannot be read: Permission denied
Aug 27 15:31:55.000 [warn] Controller gave us config lines that didn't validate: Failed to configure rendezvous options. See logs for details.
}}}

If we start Tor without a hidden service or without the sandbox, it works
without errors:

Without hidden service:

{{{
/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc \
  --RunAsDaemon 0 --Log debug --CookieAuthentication 0 --Sandbox 1
}}}

or without sandbox:

{{{
/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc \
  --RunAsDaemon 0 --Log debug --CookieAuthentication 0 --Sandbox 0 \
  --HiddenServiceDir /var/lib/tor/hidden_service/ --HiddenServicePort 80
}}}

Set HidServAuth via the control port:

{{{
echo "AUTHENTICATE
SETCONF HidServAuth=\"prkszpeygn2a3kxo.onion iGwsXkMwZEHuq/0YCD6IGQ\"" | nc -U /var/run/tor/control
}}}

Output:

{{{
250 OK
250 OK
}}}

--

Comment:

> What happens when you turn sandbox off and hidden service auth on?

Without the sandbox it works as expected. I updated the description to
include this case.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20007#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
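
Added example, not part of the ticket and not Tor's own code: a Python triage helper that parses the control-port replies shown in the ticket, pairs each reply with the command that produced it, and extracts the denied directory from the log. The function and constant names are hypothetical, and the sample strings are constructed from the output and log excerpts quoted above.

```python
import re

# Constructed sample input, copied from the output and log quoted in the ticket.
COMMANDS = [
    "AUTHENTICATE",
    'SETCONF HidServAuth="prkszpeygn2a3kxo.onion iGwsXkMwZEHuq/0YCD6IGQ"',
]
REPLIES = (
    "250 OK\r\n"
    "513 Unacceptable option value: Failed to configure rendezvous options. "
    "See logs for details.\r\n"
)
LOG = [
    "Aug 27 15:31:55.000 [warn] Directory /var/lib/tor/hidden_service/ "
    "cannot be read: Permission denied",
    "Aug 27 15:31:55.000 [warn] Controller gave us config lines that didn't "
    "validate: Failed to configure rendezvous options. See logs for details.",
]

# Reply line: three-digit status, then ' ' (last line of a reply) or
# '-' (more lines follow). The '+' data-block form is not handled here.
REPLY_RE = re.compile(r"^(\d{3})([ -])(.*)$")
DENIED_RE = re.compile(r"\[warn\] Directory (\S+) cannot be read: Permission denied")

def parse_replies(raw):
    """Return [(status_code, [text lines])], one entry per complete reply."""
    replies, text = [], []
    for line in raw.splitlines():
        m = REPLY_RE.match(line)
        if not m:
            raise ValueError(f"unsupported or malformed reply line: {line!r}")
        code, sep, rest = m.groups()
        text.append(rest)
        if sep == " ":                   # end of this reply
            replies.append((int(code), text))
            text = []
    return replies

def failed_commands(commands, raw):
    """Pair commands with replies in order; keep those whose status is not 2xx."""
    return [(cmd.split()[0], code, text[0])
            for cmd, (code, text) in zip(commands, parse_replies(raw))
            if not 200 <= code < 300]

def denied_directories(log_lines):
    """Directories named in 'cannot be read: Permission denied' warnings."""
    return [m.group(1) for line in log_lines if (m := DENIED_RE.search(line))]
```

On the ticket's data this shows that the first `250 OK` belongs to AUTHENTICATE and the 513 to SETCONF, and that the only path the log reports as unreadable is the configured HiddenServiceDir.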