Opened 4 years ago

Closed 3 years ago

#17936 closed defect (fixed)

torsocks fails open on Mac OS X 10.11

Reported by: hellais Owned by: dgoulet
Priority: Medium Milestone:
Component: Core Tor/Torsocks Version:
Severity: Normal Keywords:
Cc: dgoulet Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I am running OSX 10.11 and since the update I just noticed that torsocks is failing to torify connections.

Here are the details of my system:

$ torsocks --version
Torsocks 2.1.0

$ uname -a
Darwin XXX 15.0.0 Darwin Kernel Version 15.0.0: Sat Sep 19 15:53:46 PDT 2015; root:xnu-3247.10.11~1/RELEASE_X86_64 x86_64

$ sw_vers -productVersion
10.11.1

Doing a cursory search into what may be the causes for this problem it seems like a security "feature" introduced in OSX 10.11 is to blame for this behaviour called System Integrity Protection [1]. Looking around there are other people complaining about the fact that DYLD_INSERT_LIBRARIES doesn't work in OSX 10.11 [2].
This stackoverflow article does a nice summary of what can be done and can't be done due to SIP: http://apple.stackexchange.com/questions/193368/what-is-the-rootless-feature-in-el-capitan-really.

I am not sure what can be done to overcome this limitation in the latest version of OSX, but I think that at least torsocks should implement a check for the OSX version and if it's greater than 10.10 it fails closed (without doing the non-torified request).

[1] https://developer.apple.com/library/mac/documentation/Security/Conceptual/System_Integrity_Protection_Guide/Introduction/Introduction.html

[2] https://groups.google.com/a/chromium.org/forum/#!topic/crashpad-dev/MafauT4BHSY

Child Tickets

Change History (2)

comment:1 Changed 3 years ago by dgoulet

Status: newaccepted

Accept a bunch of tickets for torsocks.

comment:2 Changed 3 years ago by dgoulet

Resolution: fixed
Status: acceptedclosed

Kind of duplicate of #17980.

Note: See TracTickets for help on using tickets.