[Whonix-devel] #25173 [Core Tor/Tor]: No Control Socket when DisableNetwork and User options are set

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Feb 7 21:31:36 CET 2018


#25173: No Control Socket when DisableNetwork and User options are set
------------------------------+------------------------------
     Reporter:  iry           |      Owner:  (none)
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:
    Component:  Core Tor/Tor  |    Version:  Tor: unspecified
     Severity:  Normal        |   Keywords:
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+------------------------------
 To successfully reproduce this, we need:

 0. set DisableNetwork to 1
 1. use User option as part of the Tor configuration
 2. run sudo Tor from a different user in a different group

 Here are the specific steps to reproduce it. I tested it on Debian
 Stretch but it should be distribution independent:

 user@host:~$ cat /home/user/my.torrc
 DataDirectory /tmp/tor
 ControlSocket /tmp/tor/control.sock
 ControlSocketsGroupWritable 1
 CookieAuthentication 1
 CookieAuthFileGroupReadable 1
 CookieAuthFile /tmp/tor/control.authcookie
 SocksPort unix:/tmp/tor/socks.sock

 user@host:~$ sudo /usr/bin/install -Z \
 -m 02755 -o debian-tor \
 -g debian-tor -d /tmp/tor

 user@host:~$ ls -ld /tmp/tor/; ls -l /tmp/tor/
 drwxr-s--- 2 debian-tor debian-tor 40 Feb  3 18:19 /tmp/tor/
 total 0

 user@host:~$ sudo /usr/bin/tor \
 -f /home/user/my.torrc \
 --User debian-tor \
 --DisableNetwork 1

 There should be a control.sock, but there is not:

 user@host:~$ ls -ld /tmp/tor/; sudo ls -l /tmp/tor/
 drwx--S--- 2 debian-tor debian-tor 100 Feb  3 20:00 /tmp/tor/
 total 8
 -rw-r----- 1 debian-tor debian-tor  32 Feb  3 20:00 control.authcookie
 -rw------- 1 debian-tor debian-tor   0 Feb  3 20:00 lock
 -rw------- 1 debian-tor debian-tor 215 Feb  3 20:00 state

 To let Tor really open the control.sock, we need to reload Tor (yes,
 even though we just started it):

 user@host:~$ ps -A | grep tor
   863 ?        00:00:00 xenstore-watch
   927 ?        00:00:04 tor-controlport
 11851 pts/0    00:00:00 tor

 user@host:~$ sudo /bin/kill -HUP 11851

 user@host:~$ ls -ld /tmp/tor/; sudo ls -l /tmp/tor/
 drwx--S--- 2 debian-tor debian-tor 120 Feb  3 20:01 /tmp/tor/
 total 8
 -rw-r----- 1 debian-tor debian-tor  32 Feb  3 20:01 control.authcookie
 srw-rw---- 1 debian-tor debian-tor   0 Feb  3 20:01 control.sock
 -rw------- 1 debian-tor debian-tor   0 Feb  3 20:01 lock
 -rw------- 1 debian-tor debian-tor 215 Feb  3 20:01 state

 I guess the reason Yawning was not able to reproduce it is that the User
 option was not set:

 user@host:~$ sudo -u debian-tor \
 /usr/bin/tor -f /home/user/my.torrc \
 --DisableNetwork 1

 [notice] Opening Control listener on /tmp/tor/control.sock

 I was thinking Tor fixing /tmp/tor/ to 2700 may be the reason, but then
 I cannot explain why this will work with /tmp/tor/ set to 2700:

 user@host:~$ sudo /usr/bin/tor \
 -f /home/user/my.torrc \
 --User debian-tor \
 --DisableNetwork 0

 [notice] Opening Control listener on /tmp/tor/control.sock

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25173>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
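
The check the report performs by eye with ls, written as an added example (not part of the ticket and not Tor project code): it compares the control socket and auth cookie on disk with the torrc options and reports a missing socket. The function names, the simplified torrc parsing and the temporary directory standing in for /tmp/tor are assumptions made for illustration.

```python
import os, socket, stat, tempfile

def parse_torrc(text):
    """Parse simple 'Option value' lines such as the my.torrc in the report."""
    parts = (l.split("#", 1)[0].split(None, 1) for l in text.splitlines())
    return {p[0]: p[1].strip() for p in parts if len(p) == 2}

def check_mode(path, want_sock, group_bit, group_wanted, problems):
    """Append a finding if path is missing, of the wrong type, or has the wrong mode."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        problems.append("missing: " + path)
        return
    if want_sock != stat.S_ISSOCK(mode):
        problems.append("wrong file type: " + path)
    if bool(mode & group_bit) != group_wanted:
        problems.append("group permission differs from torrc: " + path)
    if mode & stat.S_IRWXO:
        problems.append("accessible to other users: " + path)

def audit(opts):
    """Compare the control socket and auth cookie on disk with the torrc options."""
    problems = []
    if "ControlSocket" in opts:
        check_mode(opts["ControlSocket"], True, stat.S_IWGRP,
                   opts.get("ControlSocketsGroupWritable") == "1", problems)
    if opts.get("CookieAuthentication") == "1" and "CookieAuthFile" in opts:
        check_mode(opts["CookieAuthFile"], False, stat.S_IRGRP,
                   opts.get("CookieAuthFileGroupReadable") == "1", problems)
    return problems

def demo():
    """Constructed stand-in for /tmp/tor: first without, then with, control.sock."""
    with tempfile.TemporaryDirectory(prefix="tor-audit-", dir="/tmp") as d:
        sock, cookie = d + "/control.sock", d + "/control.authcookie"
        opts = parse_torrc(f"ControlSocket {sock}\nControlSocketsGroupWritable 1\n"
                           f"CookieAuthentication 1\nCookieAuthFileGroupReadable 1\n"
                           f"CookieAuthFile {cookie}\n")
        with open(cookie, "wb") as f:
            f.write(b"\0" * 32)       # constructed 32-byte cookie, not a real one
        os.chmod(cookie, 0o640)       # -rw-r----- as in the listings
        before = audit(opts)          # cookie present, socket absent
        with socket.socket(socket.AF_UNIX) as s:
            s.bind(sock)
            os.chmod(sock, 0o660)     # srw-rw---- as listed after the HUP
            after = audit(opts)
        return before, after, sock
```

Against the setup in the report, `audit(parse_torrc(open("/home/user/my.torrc").read()))` has to run as a user that can read /tmp/tor (root or debian-tor), since the directory is not accessible to others.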