Sandbox causing crash when setting HidServAuth when there is a hidden service running
When the sandbox is enabled and there is a hidden service configured, setting HidServAuth via SETCONF results in a permission error.
Steps to reproduce:
Start Tor with a hidden service:
/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc --RunAsDaemon 0 --Log debug --CookieAuthentication 0 --Sandbox 1 --HiddenServiceDir /var/lib/tor/hidden_service/ --HiddenServicePort 80Try setting HidServAuth via the control port:
echo "AUTHENTICATE
SETCONF HidServAuth=\"prkszpeygn2a3kxo.onion iGwsXkMwZEHuq/0YCD6IGQ\"" | nc -U /var/run/tor/controlOutput:
250 OK
513 Unacceptable option value: Failed to configure rendezvous options. See logs for details.Log:
Aug 27 15:31:55.000 [warn] Directory /var/lib/tor/hidden_service/ cannot be read: Permission denied
Aug 27 15:31:55.000 [warn] Controller gave us config lines that didn't validate: Failed to configure rendezvous options. See logs for details.If we start Tor without a hidden service or without the sandbox, it works without errors:
Without hidden service:
/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc --RunAsDaemon 0 --Log debug --CookieAuthentication 0 --Sandbox 1or without sandbox:
/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc --RunAsDaemon 0 --Log debug --CookieAuthentication 0 --Sandbox 0 --HiddenServiceDir /var/lib/tor/hidden_service/ --HiddenServicePort 80Set HidServAuth via the control port:
echo "AUTHENTICATE
SETCONF HidServAuth=\"prkszpeygn2a3kxo.onion iGwsXkMwZEHuq/0YCD6IGQ\"" | nc -U /var/run/tor/controlOutput:
250 OK
250 OK
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information