[or-cvs] [torsocks/master] LD_PRELOAD is ignored for binaries where setuid/gid is used. As used, torsocks doesn't detect this, which means that it provides a false sense of security when running these types of executables.
mwenge at seul.org
mwenge at seul.org
Tue Jun 16 23:00:25 UTC 2009
Author: mwenge <robert at roberthogan.net>
Date: Tue, 16 Jun 2009 23:59:13 +0100
Subject: LD_PRELOAD is ignored for binaries where setuid/gid is used. As used,
Commit: 3d774d0d05872510d495108b7bbc5e67e6dbb29e
Added logic that detects setuid/setgid programs and fails early with an
error message.
Further reorganized the file to simplify flow and improve command line
argument handling.
Patch by Marcus Griep <marcus at griep.us>
---
src/usewithtor.in | 99 ++++++++++++++++++++++++++++++++++++-----------------
1 files changed, 67 insertions(+), 32 deletions(-)
diff --git a/src/usewithtor.in b/src/usewithtor.in
index c2090fb..b252663 100644
--- a/src/usewithtor.in
+++ b/src/usewithtor.in
@@ -1,3 +1,4 @@
+#! /bin/sh
# ***************************************************************************
# * *
# * $Id: usewithtor.in,v 1.3 2008-07-06 15:17:35 hoganrobert Exp $*
@@ -25,50 +26,84 @@
# * Original copyright notice from tsocks source file follows: *
# ***************************************************************************
-
-#! /bin/sh
-
-# Wrapper script for use of the torsocks(8) transparent socksification library
-# See the torsocks(1) and usewithtor(1) manpages.
+# Wrapper script for use of the tsocks(8) transparent socksification library
+# See the tsocks(1) and torify(1) manpages.
# Copyright (c) 2004, 2006 Peter Palfrader
# Modified by Jacob Appelbaum <jacob at appelbaum.net> April 16th 2006
-# Modified by Robert Hogan <robert at roberthogan.net> March 2007
+# Modified by Marcus Griep <marcus at griep.us> June 16 2009
# May be distributed under the same terms as Tor itself
-# Define and ensure we have torsocks
+# Define and ensure we have tsocks
# XXX: what if we don't have which?
-TSOCKS="`which torsocks`"
-if [ ! -x "$TSOCKS" ]
-then
- echo "$0: Can't find torsocks in PATH. Perhaps you haven't installed it?" >&2
- exit 1
-fi
+TORSOCKS="`which torsocks`"
+PROG=
+VERBOSE=
+
+usage () {
+ echo "Usage: $0 [-hv] <command> [<options>...]"
+}
+
+set_id () {
+ echo "ERROR: $1 is set${2}id. usewithtor will not work on a set${2}id executable." >&2
+ exit 1
+}
# Check for any argument list
-if [ "$#" = 0 ]
-then
- echo "Usage: $0 <command> [<options>...]" >&2
- exit 1
-fi
-if [ "$#" = 1 ] && ( [ "$1" = "-h" ] || [ "$1" = "--help" ] )
-then
- echo "Usage: $0 <command> [<options>...]"
- exit 0
+if [ "$#" = 0 ]; then
+ usage >&2
+ exit 1
fi
-# Define our torsocks config file
-TSOCKS_CONF_FILE="@CONFDIR@/torsocks.conf"
-export TSOCKS_CONF_FILE
+while [ "$1" ]; do
+ case "$1" in
+ -h|--h*)
+ usage
+ exit 0
+ ;;
+ -v|--v*)
+ VERBOSE=YesPlease
+ shift
+ ;;
+ *)
+ break;
+ esac
+done
-# Check that we've got a torsocks config file
-if [ -r "$TSOCKS_CONF_FILE" ]
-then
- exec torsocks "$@"
- echo "$0: Failed to exec torsocks $@" >&2
- exit 1
+if [ -u `which "$1"` ]; then
+ set_id $1 u
+elif [ -g `which "$1"` ]; then
+ set_id $1 g
+fi
+
+if [ -x "$TORSOCKS" ]; then
+ PROG=torsocks
else
- echo "$0: Missing torsocks configuration file \"$TSOCKS_CONF_FILE\"." >&2
+ echo "$0: Unable to find torsocks in PATH." >&2
+ echo " Perhaps you haven't installed it?" >&2
exit 1
fi
+
+if [ "$VERBOSE" ]; then
+ echo "We're armed with the following torsocks: $TORSOCKS"
+ echo "We're attempting to use $PROG for all tor action."
+fi
+
+if [ "$PROG" = "torsocks" ]; then
+ # Define our torsocks config file
+ TSOCKS_CONF_FILE="@CONFDIR@/torsocks.conf"
+ export TSOCKS_CONF_FILE
+
+ # Check that we've got a torsocks config file
+ if [ -r "$TSOCKS_CONF_FILE" ]; then
+ exec torsocks "$@"
+ else
+ echo "$0: Missing torsocks configuration file \"$TSOCKS_CONF_FILE\" - torsocks will use defaults sensible for Tor." >&2
+ exec torsocks "$@"
+ fi
+fi
+
+# We should have hit an exec. If we get here, we didn't exec
+echo "$0: failed to exec $PROG $@" >&2
+exit 1
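Review bot: The new setuid/setgid guard runs `-u` and `-g` on the unquoted output of `which "$1"`, so it does not reliably fail closed. If the resolved path contains whitespace, both tests fail with a syntax error and the script falls through to `exec torsocks "$@"` with no check at all. If `which` prints nothing (command not found, or only `-v` was passed so `$1` is empty), `[ -u ]` becomes a one-argument test that is always true, and the user gets a misleading "is setuid" error. Resolving the target once, quoting it and rejecting an empty result fixes both cases. The guard also covers only the program named on the command line, so a comment should say that a setuid/setgid helper started later by that program still runs without the preload.

```shell
# Resolve the target once and quote it so the tests cannot be word-split.
target=`which "$1"`
if [ -z "$target" ]; then
	echo "$0: cannot find $1 in PATH." >&2
	exit 1
fi
if [ -u "$target" ]; then
	set_id "$1" u
elif [ -g "$target" ]; then
	set_id "$1" g
fi
# ... unchanged: torsocks lookup, verbose output, exec torsocks ...
```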
--
1.5.6.5