Opened 5 years ago

Closed 5 years ago

#11946 closed defect (fixed)

`Error setting configured user: debian-tor not found` with Sandbox, running as relay

Reported by: alphawolf
Owned by:
Priority: Medium
Milestone: Tor: 0.2.5.x-final
Component: Core Tor/Tor
Version: Tor: 0.2.5.4-alpha
Severity:
Keywords: sandbox
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

When Sandbox 1 is set, tor is unable to start as a relay running under the debian-tor user. This may be related to #11609; I don't remember testing the patch with ORPort set. tor is started from the init.d script as provided in the torproject.org repo, but the binary is compiled from source.

/var/log/tor/log:

May 13 20:30:22.000 [notice] Tor 0.2.5.4-alpha-dev (git-585582fc8c77a199) opening log file.
May 13 20:30:22.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
May 13 20:30:22.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
May 13 20:30:22.000 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now.
May 13 20:30:23.000 [warn] Error setting configured user: debian-tor not found
May 13 20:30:23.000 [err] do_main_loop(): Bug: Error initializing keys; exiting

configure:
./configure --disable-asciidoc --prefix=/usr --localstatedir=/var --sysconfdir=/etc --with-tor-user=debian-tor --with-tor-group=debian-tor

/usr/share/tor/tor-service-defaults-torrc:

DataDirectory /var/lib/tor
PidFile /var/run/tor/tor.pid
RunAsDaemon 1
User debian-tor
ControlSocket /var/run/tor/control
ControlSocketsGroupWritable 1
CookieAuthentication 1
CookieAuthFileGroupReadable 1
CookieAuthFile /var/run/tor/control.authcookie
Log notice file /var/log/tor/log

torrc:

ORPort 9001

ExitPolicy reject *:*
Sandbox 1

Disabling Sandbox or ORPort will allow Tor to start normally. Problem also exists in b54669bc007adcbe826ec6a531c1719979c06f0b with patch from #11609 applied, so it doesn't appear to be a regression from the 0.2.5.4-alpha release.

Change History (5)

comment:1 Changed 5 years ago by nickm

Hm. I'm a bit surprised that we give both of these errors:

May 13 20:30:23.000 [warn] Error setting configured user: debian-tor not found
May 13 20:30:23.000 [err] do_main_loop(): Bug: Error initializing keys; exiting

The first one could be if we have some file we're trying to read, but the sandbox isn't letting us read it. But we should only be installing the sandbox after we setuid!

So maybe we need to tinker with the relative ordering of RunAsDaemon, switch_id, and sandbox_init.

comment:2 Changed 5 years ago by nickm

Actually, the problem is the getpwnam() call in check_private_dir().
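
The failure mode named in comment:2, as an added example (not Tor's code and not the fix in the bug11946 branch): an account lookup that succeeds before the sandbox is installed fails afterwards, so the uid/gid is resolved once at startup and later checks are answered from that copy. `pw_backend`, `lookup_user`, `fake_db`, `blocked` and the uid/gid values are hypothetical names and constructed data.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Lookup backend, getpwnam() by default. Hypothetical seam so the failure
 * can be reproduced here without installing a real seccomp filter. */
typedef struct passwd *(*pw_lookup_fn)(const char *);
pw_lookup_fn pw_backend = getpwnam;
/* Our own copy: getpwnam() returns static storage that may be overwritten. */
static struct { char name[64]; uid_t uid; gid_t gid; int valid; } cache;

/* Resolve name to uid/gid. A successful lookup refreshes the cache; a failed
 * one is answered from the cache when it holds the same name.
 * Returns 0 on success, -1 if the user is neither found nor cached. */
int lookup_user(const char *name, uid_t *uid, gid_t *gid)
{
    struct passwd *pw = pw_backend(name);
    if (pw) {
        if (strlen(name) < sizeof cache.name) {
            strcpy(cache.name, name);
            cache.uid = pw->pw_uid; cache.gid = pw->pw_gid; cache.valid = 1;
        }
        *uid = pw->pw_uid; *gid = pw->pw_gid;
        return 0;
    }
    if (!cache.valid || strcmp(cache.name, name) != 0) return -1;
    *uid = cache.uid; *gid = cache.gid;
    return 0;
}

/* Constructed stand-ins: a one-entry account database (uid/gid made up), and
 * a lookup that fails as getpwnam() does when its file reads are denied. */
struct passwd *fake_db(const char *n)
{
    static struct passwd pw = { .pw_name = "debian-tor", .pw_uid = 105, .pw_gid = 110 };
    return strcmp(n, pw.pw_name) == 0 ? &pw : NULL;
}
struct passwd *blocked(const char *n) { (void)n; return NULL; }
int main(void)
{
    uid_t uid = 0; gid_t gid = 0;
    pw_backend = fake_db;                    /* startup, before the sandbox */
    if (lookup_user("debian-tor", &uid, &gid)) return 1;
    pw_backend = blocked;                    /* after the sandbox is active */
    int rc = lookup_user("debian-tor", &uid, &gid);
    printf("post-sandbox lookup rc=%d uid=%u\n", rc, (unsigned)uid);
    return rc ? 1 : 0;
}
```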

comment:3 Changed 5 years ago by nickm

Status: new → needs_review

Likely fix in branch "bug11946" in my public repository. (It works for me!)

comment:4 Changed 5 years ago by alphawolf

Works for me, too! Relay is up and running with Sandbox under debian-tor user.

comment:5 Changed 5 years ago by nickm

Resolution: fixed
Status: needs_review → closed

Tested by alphawolf, reviewed by coderman, and I'm pretty sure it's correct. Merging!
