[tor-dev] Could tor drop privileges even earlier? (before trying to access anything on the filesystem beyond its torrc files)
nusenu
nusenu-lists at riseup.net
Mon Jul 23 11:22:00 UTC 2018
Fedora/CentOS starts the tor service as root and drops
privileges to user 'toranon' due to the torrc 'User' parameter by default.
Also by default the tor service runs in a SELinux confined domain (tor_t). That means
root in that domain can NOT access just any files regardless
of DAC filesystem permissions (DAC_OVERRIDE is not granted by default).
Which results in the situation that during startup (before privileges
are dropped and user is switched to 'toranon') tor can not access
the hiddenservicedir without allowing DAC_OVERRIDE or changing filesystem permissions,
but it could if at that point privileges were already switched to the user specified in the torrc file.
From my point of view the nicest solution would be if tor drops
privileges before it accesses anything on the filesystem -
which would solve above problem. Would that introduce other problems?
Is there a specific reason why tor drops privileges later?
(this is about running tor and tor in --verify-config mode)
context:
https://bugzilla.redhat.com/show_bug.cgi?id=1602171
(I consider this problem solved via the workaround but
I'm still interested in the above question)
--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20180723/dc8a3af8/attachment-0001.sig>
More information about the tor-dev
mailing list