Sandbox causing crash when setting HidServAuth when there is a hidden service running

When the sandbox is enabled and there is a hidden service configured, setting HidServAuth via SETCONF results in a permission error.

Steps to reproduce:

  Start Tor with a hidden service:

/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc --RunAsDaemon 0 --Log debug --CookieAuthentication 0  --Sandbox 1 --HiddenServiceDir /var/lib/tor/hidden_service/ --HiddenServicePort 80

Try setting HidServAuth via the control port:

echo "AUTHENTICATE
SETCONF HidServAuth=\"prkszpeygn2a3kxo.onion iGwsXkMwZEHuq/0YCD6IGQ\"" | nc -U /var/run/tor/control

Output:

250 OK
513 Unacceptable option value: Failed to configure rendezvous options. See logs for details.

Log:

Aug 27 15:31:55.000 [warn] Directory /var/lib/tor/hidden_service/ cannot be read: Permission denied
Aug 27 15:31:55.000 [warn] Controller gave us config lines that didn't validate: Failed to configure rendezvous options. See logs for details.

If we start Tor without a hidden service or without the sandbox, it works without errors:

Without hidden service:

/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc --RunAsDaemon 0 --Log debug --CookieAuthentication 0  --Sandbox 1

or without sandbox:

/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc --RunAsDaemon 0 --Log debug --CookieAuthentication 0  --Sandbox 0 --HiddenServiceDir /var/lib/tor/hidden_service/ --HiddenServicePort 80

Set HidServAuth via the control port:

echo "AUTHENTICATE
SETCONF HidServAuth=\"prkszpeygn2a3kxo.onion iGwsXkMwZEHuq/0YCD6IGQ\"" | nc -U /var/run/tor/control

Output:

250 OK
250 OK