Skip to content

GitLab

  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Tor Tor
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 833
    • Issues 833
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 34
    • Merge requests 34
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Core
  • TorTor
  • Issues
  • #3421

Closed
Open
Created Jun 17, 2011 by weasel (Peter Palfrader)@weasel

control socket owned by root

Hi,

when Tor creates a ControlSocket at startup it does so before dropping its privileges which causes the socket to be owned by root:

intrepid:/var/run/tor# ls -l control srw-rw---- 1 root debian-tor 0 Jun 17 23:08 control=

[this is 0.2.2.28 + 54d7d31c]

I would expect the socket to be owned by the user that Tor is running as.

(Obviously if one adds a second control socket at run time that one gets opened/created as and is owned by the tor user).

This isn't something we need to fix right away, but it does seem wrong.

Maybe one option is to create unix sockets after dropping privileges. But then we cannot create a socket in a root owned directory that we do not have write privileges too. (I don't think the current check_private_dir() check allos for directories like that but it could be argued it should.)

Another option would be to chown the socket. I wonder how portable that is tho.

Cheers,

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking