Debian Bug report logs - #739279
tor: AppArmor profile prevents tor from starting obfsproxy

version graph

Package: tor; Maintainer for tor is Peter Palfrader <weasel@debian.org>; Source for tor is src:tor (PTS, buildd, popcon).

Reported by: intrigeri@debian.org

Date: Mon, 17 Feb 2014 12:51:02 UTC

Severity: normal

Tags: patch

Found in version tor/0.2.4.20-1

Fixed in version tor/0.2.5.3-alpha-1

Done: Peter Palfrader <weasel@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Peter Palfrader <weasel@debian.org>:
Bug#739279; Package tor. (Mon, 17 Feb 2014 12:51:06 GMT) (full text, mbox, link).

Acknowledgement sent to intrigeri@debian.org:
New Bug report received and forwarded. Copy sent to Peter Palfrader <weasel@debian.org>. (Mon, 17 Feb 2014 12:51:06 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: intrigeri@debian.org
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: tor: AppArmor profile prevents tor from starting obfsproxy
Date: Mon, 17 Feb 2014 13:47:22 +0100
[Message part 1 (text/plain, inline)]
Package: tor
Version: 0.2.4.20-1
Severity: normal
Tags: patch

Hi,

as reported on Tor's ticket tracker (#9460, #6996), the AppArmor
profile we ship in the tor package prevents obfsproxy from starting.

This is fixed by the attached patch (against the debian-0.2.4 branch
in your packaging repository), that allows running obfsproxy under its
own profile if available, else unconfined. Successfully tested on
a Wheezy system with tor 0.2.4.x from deb.t.o and obfsproxy from
wheezy-backports.

My next step will be to write an AppArmor profile for obfsproxy, and
have it shipped with the obfsproxy package.

Cheers,
--
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc


[0001-AppArmor-allow-running-obfsproxy-under-its-own-profi.patch (text/x-diff, inline)]
From 59cbd65d849f8254957682a6875a51157141d681 Mon Sep 17 00:00:00 2001
From: intrigeri <intrigeri@boum.org>
Date: Mon, 17 Feb 2014 12:40:11 +0000
Subject: [PATCH] AppArmor: allow running obfsproxy under its own profile if
 available, else unconfined.

---
 debian/tor.apparmor-profile.abstraction | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/debian/tor.apparmor-profile.abstraction b/debian/tor.apparmor-profile.abstraction
index d680215..f3aef3c 100644
--- a/debian/tor.apparmor-profile.abstraction
+++ b/debian/tor.apparmor-profile.abstraction
@@ -22,3 +22,5 @@
 
   /etc/tor/* r,
   /usr/share/tor/** r,
+
+  /usr/bin/obfsproxy PUx,
-- 
1.9.0.rc3

Added indication that bug 739279 blocks 739284 Request was from intrigeri <intrigeri@debian.org> to control@bugs.debian.org. (Mon, 17 Feb 2014 13:18:08 GMT) (full text, mbox, link).

Reply sent to Peter Palfrader <weasel@debian.org>:
You have taken responsibility. (Sun, 23 Mar 2014 09:24:16 GMT) (full text, mbox, link).

Notification sent to intrigeri@debian.org:
Bug acknowledged by developer. (Sun, 23 Mar 2014 09:24:16 GMT) (full text, mbox, link).

Message #12 received at 739279-close@bugs.debian.org (full text, mbox, reply):

From: Peter Palfrader <weasel@debian.org>
To: 739279-close@bugs.debian.org
Subject: Bug#739279: fixed in tor 0.2.5.3-alpha-1
Date: Sun, 23 Mar 2014 09:20:25 +0000
Source: tor
Source-Version: 0.2.5.3-alpha-1

We believe that the bug you reported is fixed in the latest version of
tor, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 739279@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Palfrader <weasel@debian.org> (supplier of updated tor package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 23 Mar 2014 09:24:57 CET
Source: tor
Binary: tor tor-dbg tor-geoipdb
Architecture: source all
Version: 0.2.5.3-alpha-1
Distribution: experimental
Urgency: low
Maintainer: Peter Palfrader <weasel@debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Description: 
 tor - anonymizing overlay network for TCP
 tor-dbg - debugging symbols for Tor
 tor-geoipdb - GeoIP database for Tor
Closes: 739279
Changes: 
 tor (0.2.5.3-alpha-1) experimental; urgency=low
 .
   * New upstream version.
   * Add obfsproxy to suggests.
   * Apparmor policy: Allow executing /usr/bin/obfsproxy - thanks to
     intrigeri for the patch (closes: #739279).
Checksums-Sha256: 
 4c5a9fca5e51badf57a448b64a4e0a16ce44b79e74783bfa13f95c605ac5d374 1730 tor_0.2.5.3-alpha-1.dsc
 7dd9313a066e6d94131a07cf0a70ad1e8e3d92cbd752b1e1ca9baeb68a9bbd76 3039133 tor_0.2.5.3-alpha.orig.tar.gz
 43cdb5282287fbd24d025a674909d714ff9338078a86b6d32f4d875dc0a94868 34267 tor_0.2.5.3-alpha-1.diff.gz
 80baf22b409399e862754d6e7173e4b1fb6e60283499b57a6d709b84e9f8cb18 694238 tor-geoipdb_0.2.5.3-alpha-1_all.deb
Checksums-Sha1: 
 7d0bdeeda2c010b9340f92734deb8530912ef51e 1730 tor_0.2.5.3-alpha-1.dsc
 29784b3f711780cd60fff076f6deb9b1f633fe5c 3039133 tor_0.2.5.3-alpha.orig.tar.gz
 e063f80ea0ae0a581bcdc22eb303ab09f3febea5 34267 tor_0.2.5.3-alpha-1.diff.gz
 200ff22461c1fb3533c2c601e14055ac3c796019 694238 tor-geoipdb_0.2.5.3-alpha-1_all.deb
Files: 
 74ea04ad26a74c712a77f993620363c1 1730 net optional tor_0.2.5.3-alpha-1.dsc
 8714ea9ceaa7477534c88385edfdf7df 3039133 net optional tor_0.2.5.3-alpha.orig.tar.gz
 99e46e6f630df254c7bd2d4e40a06b85 34267 net optional tor_0.2.5.3-alpha-1.diff.gz
 26a7d857f2021694a75437f70368a7df 694238 net extra tor-geoipdb_0.2.5.3-alpha-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBCAAGBQJTLpp4AAoJEDTSCgbh3sV3N/8H/24DQBxfwt+iB3OUWDMDfFi0
y0XpKt4Yz1REBFFBl8clsDajx4i6kodOT1UtLSrgGN2Gyg45vmdNvccoOk7RPK2U
f2gdKg5wT89jvRIl910tr1+KNMfjVd7pZUJ4OSDoez/eOyLcqruK/e9O1jez4uGo
28BAMn8tUOzDTKbCtEMxuG8AAbQ37dRJzQxJPo26ilB+p6zFAGhw4ankvHBEt/Be
utpjiFByYD59ejrtIU/uAvfTJy8dqezEbOeqmChNxGlh6jj+e5ns0/kp/AtcVUkD
zZ70RMHtv7mKZSrLuY4WtP8SspLINSjzgxSCSNWhEvlRQWn/Efzw/DQiKoMi7sM=
=0NA4
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 23 Mar 2015 07:28:50 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jan 10 14:40:00 2018; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.