GitLab

the Linux 'capabilities' library for allowing non-root users to perform tasks which normally require elevated privileges.

at present the torsocks wrappers have checked for setuid and setgid flags on the binaries it executes and failed closed, throwing an error if this occurs, however there is currently no check to see if the binaries have capabilities applied.

in the case where they do, the LD_PRELOAD set by torsocks is stripped and the program will execute with no warning and without the torsocks wrapper.

as an example of this, the current 'ping' command on my Linux is setcap:

$ getcap which ping /usr/bin/ping = cap_net_raw+ep $ torsocks ping -c 1 torproject.org PING torproject.org (82.195.75.101) 56(84) bytes of data. 64 bytes from 82.195.75.101: icmp_seq=1 ttl=50 time=38.1 ms

the install script which does setcap || setuid here: https://projects.archlinux.org/svntogit/packages.git/tree/trunk/iputils.install?h=packages/iputils