[tor-bugs] #16070 [Tor]: Tor log doesn't have to be world readable
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun May 17 23:29:29 UTC 2015
#16070: Tor log doesn't have to be world readable
-----------------------------+-----------------
Reporter: yurivict271 | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-----------------------------+-----------------
Comment (by yurivict271):
> Nyx generally doesn't have trouble getting the information I need since
the log file and /proc are world readable.
But nothing should really be world readable. Also to connect to ctrl port
process needs permissions:
> srw------- 1 _tor _tor 0 May 17 15:12 ctrl
So if I run nyx with some regular user, it will fail. There should be the
policy and documentation on which users can connect, and what groups and
permissions are needed.
Also /proc is the linux artifact, not a good idea to use it and rely on it
in general. Such info should be accessed through some generic interface.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16070#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list