Tor privdrop on (Open)BSD fails to reclaim capabilities of "User".
As summary states. Should Tor need invocation as superuser it will fail claim the capabilities of the target "User" in torrc. One statement that is therefore affected is e.g. "DisableAllSwap 1" which would either require Tor running as root or raising of superuser capabilities (this was never tested however). Both alternatives are unattractive.
Regarding option with "DisableAllSwap" I will give pretty obvious pointers from your own GitHub repositories:
L1510 @ src/app/config/config.c L220 @ src/lib/process/setuid.c L316 @ src/lib/process/setuid.c
And here is kdump format of a ktrace of faulty execution:
28446 tor CALL setegid(1000<"user">)
28446 tor RET setegid 0
28446 tor CALL setgid(1000<"user">)
28446 tor RET setgid 0
28446 tor CALL setuid(1000<"user">)
28446 tor RET setuid 0
28446 tor CALL seteuid(1000<"user">)
28446 tor RET seteuid 0
28446 tor CALL setgid(0<"wheel">)
28446 tor RET setgid -1 errno 1 Operation not permitted
28446 tor CALL setegid(0<"wheel">)
28446 tor RET setegid -1 errno 1 Operation not permitted
28446 tor CALL setuid(0<"root">)
28446 tor RET setuid -1 errno 1 Operation not permitted
28446 tor CALL seteuid(0<"root">)
28446 tor RET seteuid -1 errno 1 Operation not permitted
P.S. This applies to 0.3.4.9 but also to 0.3.5.7.
P.P.S. I am sorry I did not take the time to patch this myself yes. For anyone interested in this these are great resources:
man 2 setuid man 2 seteuid man 2 setgid man 2 setegid man 2 getrlimit man 2 setrlimit
Trac:
Username: RatherAnonymousOne