[tor-bugs] #17980 [Torsocks]: Torify/Torsocks - Possible bug with OSX's default curl binary

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jan 4 19:46:02 UTC 2016 

#17980: Torify/Torsocks - Possible bug with OSX's default curl binary
---------------------------------+------------------------------
 Reporter:  z0xcd                |          Owner:  dgoulet
     Type:  defect               |         Status:  new
 Priority:  Medium               |      Milestone:
Component:  Torsocks             |        Version:  Tor: 0.2.7.6
 Severity:  Normal               |     Resolution:
 Keywords:  torsocks,torify,osx  |  Actual Points:
Parent ID:                       |         Points:
  Sponsor:                       |
---------------------------------+------------------------------

Comment (by z0xcd):

 Replying to [comment:1 teor]:
 > Apple's system integrity prevention also prevents users from injecting
 shared libraries into some binaries. This could be a cause of this issue.
 (And if this is the case, there may be nothing we can do to fix this.)
 >
 > That said, these commands all work fine for me, whether I am using
 /usr/bin/curl or /opt/local/bin/curl (MacPorts).
 >
 > I am running OS X 10.11.2, but I have the developer tools installed and
 I upgraded from 10.10. Either of these may mean that System Integrity
 Protection is turned off.

 You are right. Apple now ships with El Capitan by default, and AFAIK it
 also ships with SIP on. I have installed Yosemite and from Yosemite
 upgrade to El Capitan, which kept SIP enabled by default. Perhaps checking
 if SIP is on when running Torsocks and alerting about this issue would be
 more secure, people could rely on Torsocks to torify any Apple's default
 binary and get bad results.
 Perhaps something like this?

 {{{
 diff --git a/../Cellar/torsocks/2.1.0/bin/torsocks
 b/Users/0xcflow/torsocks
 index 522d058..9abda23 100755
 --- a/../Cellar/torsocks/2.1.0/bin/torsocks
 +++ b/Users/0xcflow/torsocks
 @@ -67,25 +67,9 @@ LIB_NAME="libtorsocks"
  SHLIB_EXT="dylib"
  SHLIB="${LIBDIR}/${LIB_NAME}.${SHLIB_EXT}"

 -check_platform ()
 -{
 -    unamestr=`uname`
 -    if [ "$unamestr" == 'Darwin' ]; then
 -        sipcheck='csrutil status | grep enabled'
 -        if [ "$sipcheck" == 'enabled']; then
 -            return true;
 -        fi
 -    fi
 -    return false;
 -}
 -
  # Set DYLD_INSERT_LIBRARIES variable with torsocks library path.
  set_ld_preload ()
  {
 -    if [ check_platform ]; then
 -        echo "Torify does not work on a SIP protected OSX"
 -        exit 1;
 -    fi
         if [ -z "$DYLD_INSERT_LIBRARIES" ]; then
                 export DYLD_INSERT_LIBRARIES="${SHLIB}"
         else
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17980#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list