Opened 7 years ago

Last modified 3 years ago

#9024 new enhancement

add supplementary groups when changing uid

Reported by: baccala Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: group, android, tor-client setuid setgid posix
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Under Android, it's important to be in group 3003 to access the network. Current tor code switch_id() in common/compat.c only sets the primary group. That means that tor and everything like /var/run/tor has to be in group 3003.

It'd be nice to leave /var/run/tor owned by group debian-tor. That means to access the network, 3003 has to be a supplementary group for user debian-tor (easy) and switch_id() has to call setgroups() on the entire supplementary groups list.

There might be other security issues with doing this that I'm not aware of.

Child Tickets

Change History (6)

comment:1 Changed 7 years ago by nickm

Keywords: tor-client added
Milestone: Tor: 0.2.5.x-final

Seems worth doing to me.

comment:2 Changed 6 years ago by nickm

Milestone: Tor: 0.2.5.x-finalTor: 0.2.???

comment:3 Changed 3 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:4 Changed 3 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:5 Changed 3 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:6 Changed 3 years ago by nickm

Keywords: setuid setgid posix added
Severity: Normal
Note: See TracTickets for help on using tickets.