Debian Bug report logs - #847598
Debian 0.2.8.11 package CapabilityBoundingSet doesn't allow tor to start with a configured HS
Reported by: David Goulet <dgoulet@torproject.org>
Date: Fri, 9 Dec 2016 18:30:01 UTC
Severity: normal
Found in version tor/0.2.8.11-1
Fixed in version tor/0.2.8.11-2
Done: Peter Palfrader <weasel@debian.org>
Bug is archived. No further changes may be made.
Report forwarded
to debian-bugs-dist@lists.debian.org, Peter Palfrader <weasel@debian.org>:
Bug#847598; Package tor.
(Fri, 09 Dec 2016 18:30:03 GMT)
Acknowledgement sent
to David Goulet <dgoulet@torproject.org>:
New Bug report received and forwarded. Copy sent to Peter Palfrader <weasel@debian.org>.
(Fri, 09 Dec 2016 18:30:03 GMT)
Message #5 received at submit@bugs.debian.org:
Package: tor
Version: 0.2.8.11-1
Changes to the CapabilityBoundingSet in the systemd file cause tor to not
start. Here is the diff added recently between the 0.2.8.9 package and this package.
Changes from:
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER
to
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
On a tor with a configured hidden service, we get this failure:
[warn] Directory /var/lib/tor/hidden_service/ cannot be read: Permission denied
Thanks
Reply sent
to Peter Palfrader <weasel@debian.org>:
You have taken responsibility.
(Fri, 09 Dec 2016 19:57:04 GMT)
Notification sent
to David Goulet <dgoulet@torproject.org>:
Bug acknowledged by developer.
(Fri, 09 Dec 2016 19:57:04 GMT)
Message #10 received at 847598-close@bugs.debian.org:
Source: tor
Source-Version: 0.2.8.11-2
We believe that the bug you reported is fixed in the latest version of
tor, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 847598@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Peter Palfrader <weasel@debian.org> (supplier of updated tor package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Fri, 09 Dec 2016 19:23:24 +0100
Source: tor
Binary: tor tor-dbg tor-geoipdb
Architecture: source
Version: 0.2.8.11-2
Distribution: unstable
Urgency: medium
Maintainer: Peter Palfrader <weasel@debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Description:
tor - anonymizing overlay network for TCP
tor-dbg - debugging symbols for Tor
tor-geoipdb - GeoIP database for Tor
Closes: 847598
Changes:
tor (0.2.8.11-2) unstable; urgency=medium
.
* Re-add CAP_DAC_OVERRIDE to the CapabilityBoundingSet. Tor checks
properties of hidden service directories as root before changing its UID
to debian-tor, and those trees are owned by debian-tor and go-rwx
(closes: #847598).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Fri, 27 Jan 2017 12:12:48 GMT)
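
The failure described in this report, as an added example that is not part of the bug log or the Debian package: a simplified Python model of the kernel's directory permission check, assuming the root process's effective capabilities equal the unit's CapabilityBoundingSet. The numeric IDs for debian-tor and the 0.2.8.11-2 unit line are constructed for illustration.

```python
import stat

# Capabilities that bypass discretionary access checks when reading and
# searching a directory (see capabilities(7)).
DAC_BYPASS = {"CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH"}

def parse_bounding_set(unit_line):
    """Return the capability names from a 'CapabilityBoundingSet=' unit line."""
    key, _, value = unit_line.partition("=")
    if key.strip() != "CapabilityBoundingSet":
        raise ValueError("not a CapabilityBoundingSet line: %r" % unit_line)
    return set(value.split())

def can_list_dir(caps, proc_uid, proc_gids, dir_uid, dir_gid, dir_mode):
    """Simplified model of the kernel DAC check for read+search on a directory.

    Exactly one permission class applies (owner, else group, else other).
    If its r and x bits are not both set, only a DAC capability helps:
    being UID 0 grants nothing by itself."""
    if proc_uid == dir_uid:
        need = stat.S_IRUSR | stat.S_IXUSR
    elif dir_gid in proc_gids:
        need = stat.S_IRGRP | stat.S_IXGRP
    else:
        need = stat.S_IROTH | stat.S_IXOTH
    if dir_mode & need == need:
        return True
    return bool(caps & DAC_BYPASS)

# OLD and BROKEN are the unit lines quoted in the report. FIXED is constructed
# from the changelog ("Re-add CAP_DAC_OVERRIDE"); the exact line is not shown.
OLD = ("CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE "
       "CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER")
BROKEN = "CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE"
FIXED = BROKEN + " CAP_DAC_OVERRIDE"

# Constructed sample IDs: 0 is root, 107 stands in for debian-tor.
ROOT, TOR_UID, TOR_GID = 0, 107, 107
HS_MODE = 0o700  # tree owned by debian-tor and go-rwx, as in the changelog

def startup_check(unit_line):
    """Can tor, still running as root, read the hidden service directory?"""
    caps = parse_bounding_set(unit_line)
    return can_list_dir(caps, ROOT, {ROOT}, TOR_UID, TOR_GID, HS_MODE)

if __name__ == "__main__":
    for name, line in (("0.2.8.9", OLD), ("0.2.8.11-1", BROKEN), ("0.2.8.11-2", FIXED)):
        print(name, "ok" if startup_check(line) else "Permission denied")
```

Once tor has switched to debian-tor the owner bits apply and no capability is needed, which is why the check only fails in the window before the UID change.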
Last modified: Tue Nov 2 01:35:47 2021