Opened 3 years ago

Last modified 2 years ago

#21465 new defect

Tor relays fix data directory permissions, but tor clients do not

Reported by: teor
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: tor-client tor-relay datadirectory permissions unix
Cc:
Actual Points:
Parent ID:
Points: 0.5
Reviewer:
Sponsor:

Description

When adding control socket support to chutney (#21462), I discovered that relays set their data directory permissions to 0700 as a side-effect of adding keys to the keys directory.

But clients don't, because they don't have any (filesystem) keys.

Is the client state file worth protecting with 0700?
Would we have many fewer ControlSocket permissions errors if we changed the DataDirectory to 0700?

Change History (2)

comment:1 Changed 3 years ago by teor

The fix for this issue in chutney is #21464: we create all the directories in mode 0700.

comment:2 Changed 2 years ago by nickm

Keywords: tor-relay datadirectory permissions unix added
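
One way to create a data directory in mode 0700, or tighten an existing one, as comment:1 describes for chutney. This is an added example, not code from Tor or chutney; `ensure_private_dir`, `demo` and the `nodes/client/data` layout are hypothetical names chosen for illustration.

```python
import os
import stat
import tempfile

PRIVATE_MODE = 0o700  # owner-only, the mode discussed in this ticket


def ensure_private_dir(path):
    """Create `path` (and missing parents) owner-only, or tighten it.

    Returns "created", "fixed" or "ok". Raises on symlinks, non-directories
    and directories owned by another user, which chmod cannot make safe.
    """
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink at `path`
    except FileNotFoundError:
        parent = os.path.dirname(os.path.abspath(path))
        if not os.path.isdir(parent):
            ensure_private_dir(parent)
        os.mkdir(path, PRIVATE_MODE)   # the umask can only clear bits here
        os.chmod(path, PRIVATE_MODE)   # so set the exact mode explicitly
        return "created"
    if stat.S_ISLNK(st.st_mode) or not stat.S_ISDIR(st.st_mode):
        raise NotADirectoryError(f"{path} is not a real directory")
    if st.st_uid != os.geteuid():
        raise PermissionError(f"{path} is owned by uid {st.st_uid}")
    if stat.S_IMODE(st.st_mode) & 0o077:  # any group/other access bit set
        os.chmod(path, PRIVATE_MODE)
        return "fixed"
    return "ok"


def demo():
    """Constructed scenario: a client-style data directory left at 0755."""
    with tempfile.TemporaryDirectory() as root:
        data_dir = os.path.join(root, "nodes", "client", "data")
        results = [ensure_private_dir(data_dir)]     # missing: created
        os.chmod(data_dir, 0o755)                    # simulate a loose mode
        results.append(ensure_private_dir(data_dir)) # loose: fixed
        results.append(ensure_private_dir(data_dir)) # already private: ok
        results.append(stat.S_IMODE(os.stat(data_dir).st_mode))
        return results


if __name__ == "__main__":
    print(demo())
```

Calling `os.makedirs(path, mode=0o700)` alone is not equivalent: the mode is filtered by the umask and, on current Python versions, applies only to the leaf directory.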