[tor-bugs] #3747 [Tor Client]: Tor can't create the ControlPortWriteToFile file if it is to be placed into the not-yet-existant datadir

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed Aug 17 15:06:51 UTC 2011


#3747: Tor can't create the ControlPortWriteToFile file if it is to be placed into
the not-yet-existant datadir
------------------------+---------------------------------------------------
 Reporter:  Sebastian   |          Owner:                    
     Type:  defect      |         Status:  new               
 Priority:  major       |      Milestone:  Tor: 0.2.2.x-final
Component:  Tor Client  |        Version:                    
 Keywords:              |         Parent:                    
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------

Comment(by rransom):

 Replying to [comment:1 nickm]:
 > The rationale there is indeed that we want to do the port-binding stuff
 before we drop privileges, and we want to be poking at the FS as little as
 possible until _after_ we drop privileges.  (For example, if this were
 running as root and then calling setuid() to "tor-daemon", and we created
 the data directory as root, then we would create a datadir that "tor-
 daemon" couldn't read, unless we knew how to chown it, which I don't think
 we currently do.)
 >
 > For 0.2.2.x, I think I'd prefer the smallest & most isolated fix that
 could work. Perhaps, if writing to the file fails, retry it at some later
 point during the startup process?  Or is there something even simpler?

 Creating `port.conf` as root is a security bug -- an attacker with write
 access to Tor's DataDirectory could put a symlink to `/etc/passwd` where
 Tor wants to write `port.conf`.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3747#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list