[tor-talk] seeking someone to fix a Tor rpm bug
Marco Bonetti
sid77 at slackware.it
Thu Mar 10 12:13:36 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/10/2011 12:38 PM, Erinn Clark wrote:
> Yes, you could just remove that. But do you need to change the group
> for all of the people who already have a _tor group created upon
> upgrade? Should you delete the group from existing systems
> altogether? Is it as simple as just removing all of the other
> torgroup mentions from the .spec (and there are quite a lot of them)?
> Does it do the right thing when it gets installed for a new user as
> well?
I think the best solution is to just remove the configure entry and keep
creating the _tor (or tor) user and assigning it the _tor (or tor) group.
I can't see why there shouldn't be a _tor group for the _tor user: you
will need a group for the application user anyway and changing it from
its standalone one to a shared one like "proxy" is a system upgrade
nightmare as you correctly said and a security weakness as well (a
broken application could leverage its belonging to the shared group to
try to modify Tor configuration files).
Just my 2 cents, obviously!
- --
Marco Bonetti
Tor research and other stuff: http://sid77.slackware.it/
Slackintosh Linux Project Developer: http://workaround.ch/
Linux-live for powerpc: http://workaround.ch/pub/rsync/mb/linux-live/
My GnuPG key id: 0x0B60BC5F
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk14wHAACgkQTYvJ9gtgvF+vdQCfUyWjOEkLsI889ZA37BFImhOY
ncAAnivvVGuY7cvppGbHSQBjhhTm4krm
=ybNp
-----END PGP SIGNATURE-----
More information about the tor-talk
mailing list