Trac issues
https://gitlab.torproject.org/legacy/trac/-/issues
2020-06-13T16:09:28Z

torsocks fails to wrap setcap binaries
https://gitlab.torproject.org/legacy/trac/-/issues/14322
2020-06-13T16:09:28Z
cypherpunks

the Linux 'capabilities' library for allowing non-root users to perform tasks which normally require elevated privileges.
at present the torsocks wrappers have checked for setuid and setgid flags on the binaries it executes and failed closed, throwing an error if this occurs, however there is currently no check to see if the binaries have capabilities applied.
in the case where they do, the LD_PRELOAD set by torsocks is stripped and the program will execute with no warning and without the torsocks wrapper.
as an example of this, the current 'ping' command on my Linux is setcap:
$ getcap `which ping`
/usr/bin/ping = cap_net_raw+ep
$ torsocks ping -c 1 torproject.org
PING torproject.org (82.195.75.101) 56(84) bytes of data.
64 bytes from 82.195.75.101: icmp_seq=1 ttl=50 time=38.1 ms
the install script which does setcap || setuid here:
https://projects.archlinux.org/svntogit/packages.git/tree/trunk/iputils.install?h=packages/iputils
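
The missing check described in this report, sketched as an added example (not code from torsocks or from the reporter): a pre-exec test that treats file capabilities the same way as setuid and setgid and fails closed. The function names `preload_blocker` and `safe_to_wrap` and the library path in the final comment are hypothetical; the script assumes `getcap` from libcap is installed and refuses to pass a binary when it is not.

```shell
#!/bin/sh
# Added example, not torsocks code. glibc's loader runs setuid, setgid and
# file-capability binaries in secure-execution mode, where an LD_PRELOAD
# entry given as a path is ignored.

# preload_blocker FILE
#   prints the reason and returns 0 if FILE would drop LD_PRELOAD,
#   returns 1 if no reason was found, 2 if FILE could not be checked.
preload_blocker() {
    target=$1
    if [ ! -f "$target" ]; then echo "not-a-file"; return 2; fi
    if [ -u "$target" ]; then echo "setuid"; return 0; fi
    if [ -g "$target" ]; then echo "setgid"; return 0; fi
    # Without getcap the capability check cannot be done: report it, do not pass.
    if ! command -v getcap >/dev/null 2>&1; then
        echo "getcap-missing"
        return 2
    fi
    # getcap prints nothing for a file that has no capabilities set.
    caps=$(getcap "$target" 2>/dev/null) || { echo "getcap-failed"; return 2; }
    if [ -n "$caps" ]; then echo "setcap"; return 0; fi
    return 1
}

# safe_to_wrap COMMAND
#   resolves COMMAND on PATH and returns 0 only when the checks above found
#   nothing; every other outcome fails closed with a message on stderr.
safe_to_wrap() {
    resolved=$(command -v "$1" 2>/dev/null) || resolved=
    case $resolved in
        /*) ;;
        *) echo "refusing $1: not an executable file on PATH" >&2; return 1 ;;
    esac
    status=0
    reason=$(preload_blocker "$resolved") || status=$?
    if [ "$status" -eq 1 ]; then return 0; fi
    echo "refusing $resolved: $reason, LD_PRELOAD would not be applied" >&2
    return 1
}

# Use in a wrapper (the library path is a placeholder):
#   safe_to_wrap "$1" && LD_PRELOAD=/path/to/wrapper.so exec "$@"
```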