| Summary: | net-vpn/tor-0.3.4.9 - /var/lib/tor/data/control_auth_cookie inaccessible to unprivileged users | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Luke-Jr <luke-jr+gentoobugs> |
| Component: | Current packages | Assignee: | John Helmert III <ajak> |
| Status: | UNCONFIRMED --- | | |
| Severity: | normal | CC: | sam |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
Description
Luke-Jr
2019-02-16 15:54:30 UTC
(In reply to Luke-Jr from comment #0)
> Tor puts its authentication cookie at /var/lib/tor/data/control_auth_cookie,
> but this file is not readable to any users other than the tor user itself,
> not even to users in the tor group. Kinda defeats the purpose...

All the files under /var/lib/data should only be readable by tor. Can you give steps to show what precisely is broken here?

Run any software that connects with Tor (eg, net-p2p/bitcoin-qt) as a normal user and it will fail because it can't read the control_auth_cookie file.

(In reply to Luke-Jr from comment #2)
> Run any software that connects with Tor (eg, net-p2p/bitcoin-qt) as a normal
> user and it will fail because it can't read the control_auth_cookie file.

If you have line `User tor` in `/etc/tor/torrc` then tor will run as user tor and will be able to read that file which should belong to tor. bitcoin-qt (or any other program) should not try to read that file directly, but should connect to the tor process which *can* read that file.

As for your test, I run programs (browsers) which connect to tor all the time and they work just fine. I'm thinking something is misconfigured on your end.

(In reply to Anthony Basile from comment #3)
> If you have line `User tor` in `/etc/tor/torrc` then tor will run as user
> tor and will be able to read that file which should belong to tor.
> bitcoin-qt (or any other program) should not try to read that file directly,
> but should connect to the tor process which *can* read that file.

The entire purpose of the file is to authenticate connections between Tor and other programs (which MUST read the file to connect). See section 5.1 of https://gitweb.torproject.org/torspec.git/tree/control-spec.txt

> As for your test, I run programs (browsers) which connect to tor all the
> time and they work just fine. I'm thinking something is misconfigured on
> your end.

This is mainly used for accepting incoming connections on hidden services (ie, running servers). Browsers typically only connect out (ie, as a client only).
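The access failure discussed in this thread can be located with a permission walk. The following is an added example, not code from the bug report, Gentoo or Tor: it reports which path component denies a given user read access to the cookie. The helper names `first_blocker` and `build_demo_tree`, the temporary directory layout and its modes are assumptions constructed for the demonstration.

```python
import os
import tempfile

def first_blocker(path, uid, gids, base="/"):
    """Return the first component under `base` whose classic mode bits deny
    `uid`/`gids` access to `path`, or None if the file is readable.
    Directories need search (x); the final file needs read (r).
    ACLs, capabilities and LSM policy are not modelled."""
    if uid == 0:
        return None  # root bypasses mode-bit checks
    base = os.path.abspath(base)
    parts = os.path.relpath(os.path.abspath(path), base).split(os.sep)
    current = base
    for i, name in enumerate(parts):
        current = os.path.join(current, name)
        st = os.stat(current)
        if st.st_uid == uid:
            bits = (st.st_mode >> 6) & 7   # owner class
        elif st.st_gid in gids:
            bits = (st.st_mode >> 3) & 7   # group class
        else:
            bits = st.st_mode & 7          # other class
        need = 4 if i == len(parts) - 1 else 1
        if not bits & need:
            return current
    return None

def build_demo_tree():
    """Constructed stand-in for /var/lib/tor/data/control_auth_cookie.
    Modes are assumptions for the demo, not Gentoo's packaged modes."""
    base = tempfile.mkdtemp()
    data = os.path.join(base, "tor", "data")
    os.makedirs(data)
    cookie = os.path.join(data, "control_auth_cookie")
    with open(cookie, "wb") as fh:
        fh.write(os.urandom(32))  # the control-port cookie is 32 random bytes
    os.chmod(os.path.join(base, "tor"), 0o750)
    os.chmod(data, 0o750)
    os.chmod(cookie, 0o600)
    return base, cookie

if __name__ == "__main__":
    base, cookie = build_demo_tree()
    st = os.stat(cookie)
    member = (st.st_uid + 1, {st.st_gid})  # simulated user in the file's group
    print("blocked by:", first_blocker(cookie, *member, base=base))
    os.chmod(cookie, 0o640)
    print("after 0640:", first_blocker(cookie, *member, base=base))
```

On a real system, call `first_blocker("/var/lib/tor/data/control_auth_cookie", uid, gids)` with the client user's uid and group ids. Tor's `CookieAuthFileGroupReadable` torrc option controls whether the cookie file is created group-readable.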