[tor-bugs] #10702 [arm]: arm tells users to "sudo -s debian-tor arm", which lets arm read tor's keys
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jan 22 22:39:50 UTC 2014
#10702: arm tells users to "sudo -s debian-tor arm", which lets arm read tor's keys
--------------------+------------------------
Reporter: arma | Owner: atagar
Type: defect | Status: new
Priority: normal | Milestone:
Component: arm | Version:
Keywords: | Actual Points:
Parent ID: | Points:
--------------------+------------------------
in config/strings.cfg:
{{{
msg.setup.arm_is_running_as_root Arm is currently running with root
permissions. This isn't a good idea, nor should it be necessary. Try
starting arm with "sudo -u {tor_user} arm" instead.
}}}
Telling the user to run arm as the tor user exposes all of /var/lib/tor/
to arm, which is probably more than needed and likely more than expected.
At least on debian, the right answer is "sudo adduser $USER debian-tor"
and then run arm as the normal user (after logout/login as needed). See
#10700 for where this topic came up.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10702>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
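
The difference the ticket describes, between running as the tor user and running as a normal user who is only in the tor group, as an added example that is not part of the ticket or of arm's code. It evaluates POSIX mode bits over a constructed stand-in for a tor data directory; the file names and modes are assumptions, not Debian's actual layout, and ACLs are ignored.

```python
import os
import stat
import tempfile

def may(st, uid, gids, want):
    """POSIX mode-bit check; ignores ACLs and root. want: 4=read, 1=search."""
    if uid == st.st_uid:
        granted = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        granted = (st.st_mode >> 3) & 7
    else:
        granted = st.st_mode & 7
    return granted & want == want

def readable_files(root, uid, gids):
    """Regular files under root that the identity (uid, gids) could open for reading."""
    found = []
    def walk(directory, reachable):
        # Entries are reachable only if every directory above them grants search (x).
        reachable = reachable and may(os.stat(directory), uid, gids, 1)
        for name in sorted(os.listdir(directory)):
            path = os.path.join(directory, name)
            st = os.lstat(path)
            if stat.S_ISDIR(st.st_mode):
                walk(path, reachable)
            elif stat.S_ISREG(st.st_mode) and reachable and may(st, uid, gids, 4):
                found.append(os.path.relpath(path, root))
    walk(root, True)
    return sorted(found)

def build_sample(base):
    """Constructed stand-in for a tor data directory; names and modes are assumptions."""
    os.mkdir(os.path.join(base, "keys"))
    for rel, mode in (("keys/secret_id_key", 0o600), ("state", 0o600),
                      ("control_auth_cookie", 0o640)):
        path = os.path.join(base, rel)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(base, "keys"), 0o700)
    os.chmod(base, 0o750)

def demo():
    with tempfile.TemporaryDirectory() as base:
        build_sample(base)
        st = os.stat(base)
        as_tor_user = readable_files(base, st.st_uid, {st.st_gid})  # like "sudo -u {tor_user} arm"
        as_group_member = readable_files(base, st.st_uid + 1, {st.st_gid})  # normal user in the group
        return as_tor_user, as_group_member

if __name__ == "__main__":
    print(demo())
```

Pointing `readable_files` at a real data directory with the two identities shows exactly which files each way of launching arm would expose.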