nusenu
2018-07-23 11:22:00 UTC
Fedora/CentOS starts the tor service as root and drops
privileges to user 'toranon' due to the torrc 'User' parameter by default.
Also by default the tor service runs in a SELinux confined domain (tor_t). That means
root in that domain can NOT access just any files regardless
of DAC filesystem permissions (DAC_OVERRIDE is not granted by default).
Which results in the situation that during startup (before privileges
are dropped and user is switched to 'toranon') tor can not access
the hiddenservicedir without allowing DAC_OVERRIDE or changing filesystem permissions,
but it could if at that point privileges were already switched to the user specified in the torrc file.
From my point of view the nicest solution would be if tor drops
privileges before it accesses anything on the filesystem -
which would solve the above problem. Would that introduce other problems?
Is there a specific reason why tor drops privileges later?
(this is about running tor and tor in --verify-config mode)
context:
https://bugzilla.redhat.com/show_bug.cgi?id=1602171
(I consider this problem solved via the workaround but
I'm still interested in the above question)
--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
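
One way to confirm from the audit log that the capability denial described in the message above is what blocks startup, as an added example that is not part of the original post. The audit records are constructed samples and the function name `dac_capability_denials` is hypothetical.

```python
import re

# Constructed sample audit records (illustrative, not taken from the bug report).
SAMPLE_AUDIT = """\
type=AVC msg=audit(1532344920.101:501): avc:  denied  { dac_override } for  pid=2211 comm="tor" capability=1  scontext=system_u:system_r:tor_t:s0 tcontext=system_u:system_r:tor_t:s0 tclass=capability permissive=0
type=AVC msg=audit(1532344920.102:502): avc:  denied  { dac_read_search } for  pid=2211 comm="tor" capability=2  scontext=system_u:system_r:tor_t:s0 tcontext=system_u:system_r:tor_t:s0 tclass=capability permissive=0
type=AVC msg=audit(1532344921.300:503): avc:  denied  { read } for  pid=2300 comm="httpd" name="index.html" dev="dm-0" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
"""

# Matches an AVC denial; captures the record serial, the denied permissions
# and the trailing key=value fields.
AVC_RE = re.compile(
    r'^type=AVC msg=audit\([\d.]+:(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{ (?P<perms>[^}]+) \} for\s+(?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Capabilities that let root bypass DAC file permission checks.
DAC_CAPS = {"dac_override", "dac_read_search"}


def dac_capability_denials(audit_text, domain="tor_t"):
    """Return DAC-bypass capability denials for processes in one SELinux domain."""
    hits = []
    for line in audit_text.splitlines():
        m = AVC_RE.match(line)
        if not m:
            continue  # not an AVC denial record
        fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
        ctx = fields.get("scontext", "").split(":")  # user:role:type:level
        denied = set(m.group("perms").split()) & DAC_CAPS
        if (len(ctx) >= 3 and ctx[2] == domain
                and fields.get("tclass") == "capability" and denied):
            hits.append({
                "serial": m.group("serial"),
                "pid": int(fields.get("pid", -1)),
                "comm": fields.get("comm"),
                "denied": sorted(denied),
                # permissive=0 means the access was blocked, not only logged
                "enforcing": fields.get("permissive") == "0",
            })
    return hits


if __name__ == "__main__":
    for hit in dac_capability_denials(SAMPLE_AUDIT):
        print(hit)
```

A hit with `enforcing` set to true means root inside `tor_t` was refused the DAC bypass, so the file access fell back to ordinary ownership and mode checks before the switch to the torrc `User`.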