Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
Trac
Trac
  • Project overview
    • Project overview
    • Details
    • Activity
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Operations
    • Operations
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value Stream
  • Wiki
    • Wiki
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Create a new issue
  • Issue Boards

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • Legacy
  • TracTrac
  • Issues
  • #17936

Closed (moved)
Open
Opened Dec 25, 2015 by Arturo Filasto@art

torsocks fails open on Mac OS X 10.11

I am running OSX 10.11 and since the update I just noticed that torsocks is failing to torify connections.

Here are the details of my system:

$ torsocks --version
Torsocks 2.1.0

$ uname -a
Darwin XXX 15.0.0 Darwin Kernel Version 15.0.0: Sat Sep 19 15:53:46 PDT 2015; root:xnu-3247.10.11~1/RELEASE_X86_64 x86_64

$ sw_vers -productVersion
10.11.1

Doing a cursory search into what may be the causes for this problem it seems like a security "feature" introduced in OSX 10.11 is to blame for this behaviour called System Integrity Protection [1]. Looking around there are other people complaining about the fact that DYLD_INSERT_LIBRARIES doesn't work in OSX 10.11 [2]. This stackoverflow article does a nice summary of what can be done and can't be done due to SIP: http://apple.stackexchange.com/questions/193368/what-is-the-rootless-feature-in-el-capitan-really.

I am not sure what can be done to overcome this limitation in the latest version of OSX, but I think that at least torsocks should implement a check for the OSX version and if it's greater than 10.10 it fails closed (without doing the non-torified request).

[1] https://developer.apple.com/library/mac/documentation/Security/Conceptual/System_Integrity_Protection_Guide/Introduction/Introduction.html

[2] https://groups.google.com/a/chromium.org/forum/#!topic/crashpad-dev/MafauT4BHSY

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: legacy/trac#17936