Hi,

[not the maintainers here, but I'm adding intrigeri as well explicitly for input on the change below, and this is only a preliminary cursory look after it was raised in the #debian-security IRC channel]

On Sat, Jan 17, 2026 at 09:44:44AM +0000, [email protected] wrote:
> Package: torsocks
> Version: 2.5.0-1
> Severity: critical
> Tags: security
> Justification: breaks unrelated software
> X-Debbugs-Cc: [email protected], Debian Security Team
> <[email protected]>
>
> No AI was used at any stage of this bugreport.
>
> Installing torsocks, when all the libraries it depends on (except libtorsocks)
> are already installed, results in a non-working torsocks. Due to the nature of
> what torsocks is used for, this is security-related. Additionally, non-working
> torsocks breaks the expected functionality of unrelated packages.
>
> There are many ways in which torsocks can fail or not work, but they are
> either
> well-known or documented (e.g. torsocks does not work with go-based programs),
> and fixing that would require extensive changes, but that is not the point of
> this bugreport.
>
> There exists a serious bug in the packaging of torsocks, meaning not with
> torsocks itself, but with how torsocks is being installed by the debian
> package.
>
> On debian 13 (trixie), torsocks has the following dependencies, and all of the
> listed libraries (except libtorsocks) are already installed on a default
> debian
> 13 installation with xfce as the desktop environment:
> ```
> $ apt depends torsocks libtorsocks tor
> torsocks
>   Depends: libtorsocks (>= 2.5.0-1)
>   Depends: libtorsocks (<< 2.5.0-1.1~)
>   Recommends: tor
> libtorsocks
>   Depends: libc6 (>= 2.38)
>   Breaks: torsocks (<< 2.4.0-3)
>   Recommends: torsocks
>   Replaces: torsocks (<< 2.4.0-3)
> tor
>   Depends: libc6 (>= 2.38)
>   Depends: libcap2 (>= 1:2.10)
>   Depends: libevent-2.1-7t64 (>= 2.1.8-stable)
>   Depends: liblzma5 (>= 5.1.1alpha+20120614)
>   Depends: libseccomp2 (>= 0.0.0~20120605)
>   Depends: libssl3t64 (>= 3.0.0)
>   Depends: libsystemd0
>   Depends: libzstd1 (>= 1.5.5)
>   Depends: zlib1g (>= 1:1.1.4)
>   Depends: adduser
>   Depends: runit-helper (>= 2.14.0~)
>   Depends: lsb-base
>     sysvinit-utils
>   Conflicts: <libssl0.9.8> (<< 0.9.8g-9)
>   Breaks: runit (<< 2.1.2-51~)
>   Recommends: logrotate
>   Recommends: tor-geoipdb
>   Recommends: torsocks
> ```
>
> Installing torsocks on such a system will not install any new libraries
> (except
> libtorsocks):
> ```
> # apt -V install torsocks
> Installing:
>   torsocks (2.5.0-1)
>
> Installing dependencies:
>   libtorsocks (2.5.0-1)
>   tor (0.4.8.16-1)
>   tor-geoipdb (0.4.8.16-1)
>
> Suggested packages:
>   mixmaster
>   torbrowser-launcher (0.3.7-3)
>   socat (1.8.0.3-1)
>   apparmor-utils (4.1.0-1)
>   nyx (2.1.0-3)
>   obfs4proxy (0.0.14-2+b5)
>
> Summary:
>   Upgrading: 0, Installing: 4, Removing: 0, Not Upgrading: 3
>   Download size: 4563 kB
>   Space needed: 26.6 MB / 7590 MB available
>
> Continue? [Y/n] y
> Get:1 http://deb.debian.org/debian trixie/main amd64 libtorsocks amd64
> 2.5.0-1 [67.5 kB]
> Get:2 http://deb.debian.org/debian trixie/main amd64 tor amd64 0.4.8.16-1
> [2054 kB]
> Get:3 http://deb.debian.org/debian trixie/main amd64 tor-geoipdb all
> 0.4.8.16-1 [2413 kB]
> Get:4 http://deb.debian.org/debian trixie/main amd64 torsocks all 2.5.0-1
> [27.6 kB]
> Fetched 4563 kB in 0s (31.4 MB/s)
> Selecting previously unselected package libtorsocks:amd64.
> (Reading database ... 103713 files and directories currently installed.)
> Preparing to unpack .../libtorsocks_2.5.0-1_amd64.deb ...
> Unpacking libtorsocks:amd64 (2.5.0-1) ...
> Selecting previously unselected package tor.
> Preparing to unpack .../tor_0.4.8.16-1_amd64.deb ...
> Unpacking tor (0.4.8.16-1) ...
> Selecting previously unselected package tor-geoipdb.
> Preparing to unpack .../tor-geoipdb_0.4.8.16-1_all.deb ...
> Unpacking tor-geoipdb (0.4.8.16-1) ...
> Selecting previously unselected package torsocks.
> Preparing to unpack .../torsocks_2.5.0-1_all.deb ...
> Unpacking torsocks (2.5.0-1) ...
> Setting up tor (0.4.8.16-1) ...
> Something or somebody made /var/lib/tor disappear.
> Creating one for you again.
> Something or somebody made /var/log/tor disappear.
> Creating one for you again.
> Created symlink '/etc/systemd/system/multi-user.target.wants/tor.service' →
> '/usr/lib/systemd/system/tor.service'.
> Setting up libtorsocks:amd64 (2.5.0-1) ...
> Setting up tor-geoipdb (0.4.8.16-1) ...
> Setting up torsocks (2.5.0-1) ...
> Processing triggers for man-db (2.13.1-1) ...
> ```
>
> Attempting to run torsocks right after installing it results in it failing:
> ```
> $ torsocks /bin/true
> ERROR: ld.so: object 'libtorsocks.so' from LD_PRELOAD cannot be preloaded
> (cannot open shared object file): ignored.
> ```
>
> The reason why this bug is serious is because a user might attempt to run
> torsocks immediately after installing it, relying on sending the data through
> the tor network instead of through their regular internet connection, and thus
> the user's IP address is revealed to the endpoint:
> ```
> $ torsocks curl https://check.torproject.org/api/ip
> ERROR: ld.so: object 'libtorsocks.so' from LD_PRELOAD cannot be preloaded
> (cannot open shared object file): ignored.
> {"IsTor":false,"IP":"<redacted real IP address>"}
> ```
>
> Running strace reveals that libtorsocks.so is not found, because it is located
> in the /usr/lib/x86_64-linux-gnu/torsocks/ directory, and that directory is
> not
> being searched:
> ```
> $ strace -e openat,newfstatat torsocks /bin/true
> openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
> openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
> newfstatat(AT_FDCWD, "/home/user", {st_mode=S_IFDIR|0700, st_size=4096, ...},
> 0) = 0
> newfstatat(AT_FDCWD, ".", {st_mode=S_IFDIR|0700, st_size=4096, ...}, 0) = 0
> openat(AT_FDCWD, "/usr/bin/torsocks", O_RDONLY) = 3
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1191, si_uid=1000,
> si_status=0, si_utime=0, si_stime=0} ---
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1193, si_uid=1000,
> si_status=0, si_utime=0, si_stime=0} ---
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1197, si_uid=1000,
> si_status=0, si_utime=0, si_stime=0} ---
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1203, si_uid=1000,
> si_status=0, si_utime=0, si_stime=0} ---
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1204, si_uid=1000,
> si_status=0, si_utime=0, si_stime=0} ---
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1205, si_uid=1000,
> si_status=0, si_utime=0, si_stime=0} ---
> newfstatat(AT_FDCWD, "/bin/true", {st_mode=S_IFREG|0755, st_size=43432, ...},
> 0) = 0
> newfstatat(AT_FDCWD, "/bin/true", {st_mode=S_IFREG|0755, st_size=43432, ...},
> 0) = 0
> openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
> openat(AT_FDCWD,
> "/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/libtorsocks.so",
> O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> newfstatat(AT_FDCWD, "/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/",
> 0x7ffe2ac4b250, 0) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libtorsocks.so", O_RDONLY|O_CLOEXEC)
> = -1 ENOENT (No such file or directory)
> newfstatat(AT_FDCWD, "/lib/x86_64-linux-gnu/", {st_mode=S_IFDIR|0755,
> st_size=94208, ...}, 0) = 0
> openat(AT_FDCWD,
> "/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/libtorsocks.so",
> O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> newfstatat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/",
> 0x7ffe2ac4b250, 0) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libtorsocks.so",
> O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> newfstatat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/", {st_mode=S_IFDIR|0755,
> st_size=94208, ...}, 0) = 0
> openat(AT_FDCWD, "/lib/glibc-hwcaps/x86-64-v2/libtorsocks.so",
> O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> newfstatat(AT_FDCWD, "/lib/glibc-hwcaps/x86-64-v2/", 0x7ffe2ac4b250, 0) = -1
> ENOENT (No such file or directory)
> openat(AT_FDCWD, "/lib/libtorsocks.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No
> such file or directory)
> newfstatat(AT_FDCWD, "/lib/", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) =
> 0
> openat(AT_FDCWD, "/usr/lib/glibc-hwcaps/x86-64-v2/libtorsocks.so",
> O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> newfstatat(AT_FDCWD, "/usr/lib/glibc-hwcaps/x86-64-v2/", 0x7ffe2ac4b250, 0) =
> -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/lib/libtorsocks.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT
> (No such file or directory)
> newfstatat(AT_FDCWD, "/usr/lib/", {st_mode=S_IFDIR|0755, st_size=4096, ...},
> 0) = 0
> ERROR: ld.so: object 'libtorsocks.so' from LD_PRELOAD cannot be preloaded
> (cannot open shared object file): ignored.
> openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
> +++ exited with 0 +++
> ```
>
> Checking which libraries are cached in /etc/ld.so.cache shows that there is no
> mention of libtorsocks:
> ```
> $ /sbin/ldconfig -p | grep libtorsocks
> [no output here]
> ```
>
> Regenerating the /etc/ld.so.cache and checking for presence of libtorsocks
> again:
> ```
> # ldconfig
> $ /sbin/ldconfig -p | grep libtorsocks
> libtorsocks.so.0 (libc6,x86-64) =>
> /usr/lib/x86_64-linux-gnu/torsocks/libtorsocks.so.0
> libtorsocks.so (libc6,x86-64) =>
> /usr/lib/x86_64-linux-gnu/torsocks/libtorsocks.so
> ```
>
> Running strace again shows that libtorsocks.so is immediately found:
> ```
> $ strace -e openat,newfstatat torsocks /bin/true
> openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
> openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
> newfstatat(AT_FDCWD, "/home/user", {st_mode=S_IFDIR|0700, st_size=4096, ...},
> 0) = 0
> newfstatat(AT_FDCWD, ".", {st_mode=S_IFDIR|0700, st_size=4096, ...}, 0) = 0
> openat(AT_FDCWD, "/usr/bin/torsocks", O_RDONLY) = 3
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2752, si_uid=1000,
> si_status=0, si_utime=0, si_stime=0} ---
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2754, si_uid=1000,
> si_status=0, si_utime=0, si_stime=0} ---
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2758, si_uid=1000,
> si_status=0, si_utime=0, si_stime=0} ---
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2764, si_uid=1000,
> si_status=0, si_utime=0, si_stime=0} ---
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2765, si_uid=1000,
> si_status=0, si_utime=0, si_stime=0} ---
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2766, si_uid=1000,
> si_status=0, si_utime=0, si_stime=0} ---
> newfstatat(AT_FDCWD, "/bin/true", {st_mode=S_IFREG|0755, st_size=43432, ...},
> 0) = 0
> newfstatat(AT_FDCWD, "/bin/true", {st_mode=S_IFREG|0755, st_size=43432, ...},
> 0) = 0
> openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
> openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/torsocks/libtorsocks.so",
> O_RDONLY|O_CLOEXEC) = 3
> openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
> openat(AT_FDCWD, "/etc/tor/torsocks.conf", O_RDONLY) = 3
> +++ exited with 0 +++
> ```
>
> Running torsocks again after regenerating the cache makes the error message
> disappear and torsocks works fine, the IP address is the address of the tor
> exit node instead of the IP address of the user:
> ```
> $ torsocks curl https://check.torproject.org/api/ip
> {"IsTor":true,"IP":"185.220.101.13"}
> ```
>
> For comparison, if torsocks is installed on a system that doesn't have all the
> libraries already, such as on a headless system with no desktop environment:
> ```
> # sudo apt -V install torsocks
> Installing:
>   torsocks (2.5.0-1)
>
> Installing dependencies:
>   libevent-2.1-7t64 (2.1.12-stable-10+b1)
>   libtorsocks (2.5.0-1)
>   tor (0.4.8.16-1)
>   tor-geoipdb (0.4.8.16-1)
>
> Suggested packages:
>   mixmaster
>   torbrowser-launcher (0.3.7-3)
>   socat (1.8.0.3-1)
>   apparmor-utils (4.1.0-1)
>   nyx (2.1.0-3)
>   obfs4proxy (0.0.14-2+b5)
>
> Summary:
>   Upgrading: 0, Installing: 5, Removing: 0, Not Upgrading: 0
>   Download size: 4744 kB
>   Space needed: 27.0 MB / 10.5 GB available
>
> Continue? [Y/n] y
> Get:1 http://deb.debian.org/debian trixie/main amd64 libevent-2.1-7t64 amd64
> 2.1.12-stable-10+b1 [182 kB]
> Get:2 http://deb.debian.org/debian trixie/main amd64 libtorsocks amd64
> 2.5.0-1 [67.5 kB]
> Get:3 http://deb.debian.org/debian trixie/main amd64 tor amd64 0.4.8.16-1
> [2054 kB]
> Get:4 http://deb.debian.org/debian trixie/main amd64 tor-geoipdb all
> 0.4.8.16-1 [2413 kB]
> Get:5 http://deb.debian.org/debian trixie/main amd64 torsocks all 2.5.0-1
> [27.6 kB]
> Fetched 4744 kB in 0s (37.6 MB/s)
> Selecting previously unselected package libevent-2.1-7t64:amd64.
> (Reading database ... 28823 files and directories currently installed.)
> Preparing to unpack .../libevent-2.1-7t64_2.1.12-stable-10+b1_amd64.deb ...
> Unpacking libevent-2.1-7t64:amd64 (2.1.12-stable-10+b1) ...
> Selecting previously unselected package libtorsocks:amd64.
> Preparing to unpack .../libtorsocks_2.5.0-1_amd64.deb ...
> Unpacking libtorsocks:amd64 (2.5.0-1) ...
> Selecting previously unselected package tor.
> Preparing to unpack .../tor_0.4.8.16-1_amd64.deb ...
> Unpacking tor (0.4.8.16-1) ...
> Selecting previously unselected package tor-geoipdb.
> Preparing to unpack .../tor-geoipdb_0.4.8.16-1_all.deb ...
> Unpacking tor-geoipdb (0.4.8.16-1) ...
> Selecting previously unselected package torsocks.
> Preparing to unpack .../torsocks_2.5.0-1_all.deb ...
> Unpacking torsocks (2.5.0-1) ...
> Setting up libevent-2.1-7t64:amd64 (2.1.12-stable-10+b1) ...
> Setting up tor (0.4.8.16-1) ...
> Something or somebody made /var/lib/tor disappear.
> Creating one for you again.
> Something or somebody made /var/log/tor disappear.
> Creating one for you again.
> Created symlink '/etc/systemd/system/multi-user.target.wants/tor.service' →
> '/usr/lib/systemd/system/tor.service'.
> Setting up libtorsocks:amd64 (2.5.0-1) ...
> Setting up tor-geoipdb (0.4.8.16-1) ...
> Setting up torsocks (2.5.0-1) ...
> Processing triggers for man-db (2.13.1-1) ...
> Processing triggers for libc-bin (2.41-12+deb13u1) ...
> ```
>
> Notice the last line of that log: "Processing triggers for libc-bin
> (2.41-12+deb13u1) ...".
> This line was missing when installing torsocks on debian 13 with xfce.
>
> This line is emitted in this instance because the libevent-2.1-7t64 library
> was
> not installed on the system before attempting to install torsocks, and
> installing it led to the regeneration of /etc/ld.so.cache and because the
> cache
> is regenerated, libtorsocks is found:
> ```
> $ /sbin/ldconfig -p | grep libtorsocks
> libtorsocks.so.0 (libc6,x86-64) =>
> /usr/lib/x86_64-linux-gnu/torsocks/libtorsocks.so.0
> libtorsocks.so (libc6,x86-64) =>
> /usr/lib/x86_64-linux-gnu/torsocks/libtorsocks.so
> ```
>
> And torsocks immediately works after installing it, with no error message, and
> the IP address is the IP of the tor exit node, not the user.
> ```
> $ torsocks curl https://check.torproject.org/api/ip
> {"IsTor":true,"IP":"107.189.3.94"}
> ```
>
> This problem did not exist on debian 12 (bookworm). It was introduced in
> torsocks 2.5.0-1, I see a few mentions in the changelog [1] for that version
> about how the library is packaged. Most suspect are the changes to the
> debian/rules file [2].
>
> ldconfig has to be run as part of the package installation, or the libtorsocks
> package has to be changed to somehow make the system know to regenerate the
> library cache.
>
> Some users will accidentally avoid the problem, if they install some package
> that installs libraries to the system, after installing torsocks, if that
> leads
> to the library cache regeneration.
>
> By the way torsocks is one of the 3 packages (fakechroot, fakeroot, torsocks)
> in all of debian that has the Lintian tag: package-modifies-ld.so-search-path
> and unlike fakechroot, it is not overridden [3].
>
> As a final note I am aware of at least one system that has an automated script
> that installs torsocks, checks if the installation succeeded, checks if the
> tor
> service is running, and tries to send some data through torsocks immediately
> afterwards. This has led to revealing the IP address of that system to the
> endpoint. So the bug is not just a theoretical problem.
>
> [1] https://tracker.debian.org/media/packages/t/torsocks/changelog-2.5.0-1
> [2]
> https://salsa.debian.org/pkg-privacy-team/torsocks/-/commits/debian/2.5.0-1/debian/rules
> [3]
> https://udd.debian.org/lintian-tag/package-modifies-ld.so-search-path?affected=yes

It looks like in debian/rules the call for dh_makeshlibs is explicitly overridden, otherwise a trigger for registering 'activate-nowait ldconfig' would be generated. This should resolve the issue, but then one needs to explicitly override both

E: libtorsocks: package-modifies-ld.so-search-path [etc/ld.so.conf.d/torsocks-x86_64-linux-gnu.conf]
W: libtorsocks: package-has-unnecessary-activation-of-ldconfig-trigger

because then this would be actually intended?

intrigeri is this correct?

Regards,
Salvatore
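
Added example, not part of the message above and not code from the torsocks package: a fail-closed shell guard for the failure mode in the report, where ld.so ignores an unresolvable LD_PRELOAD entry and the wrapped command still runs, only without torsocks. The function names, the sample strings and the exit code 70 are assumptions made for illustration; the library name and the loader message are the ones quoted in the report.

```shell
#!/bin/sh
# Constructed samples, modelled on the output quoted in the report.
SAMPLE_CACHE_OK='libtorsocks.so.0 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/torsocks/libtorsocks.so.0
libtorsocks.so (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/torsocks/libtorsocks.so'
SAMPLE_CACHE_STALE='libc.so.6 (libc6,x86-64) => /lib/x86_64-linux-gnu/libc.so.6'
SAMPLE_STDERR_BAD="ERROR: ld.so: object 'libtorsocks.so' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored."

# lib_in_cache NAME: reads `ldconfig -p` output on stdin and succeeds only
# if NAME is listed as an exact entry (libtorsocks.so.0 does not match
# libtorsocks.so).
lib_in_cache() {
    awk -v want="$1" '$1 == want { found = 1 } END { exit (found ? 0 : 1) }'
}

# preload_failed: reads captured stderr on stdin and succeeds if the
# dynamic loader reported that it ignored an LD_PRELOAD entry.
preload_failed() {
    grep -q "from LD_PRELOAD cannot be preloaded"
}

# guarded_torsocks CMD...: run CMD under torsocks only if the library is in
# the loader cache AND a probe run produced no preload error. Assumes, as in
# the report, that libtorsocks.so is resolved through /etc/ld.so.cache.
guarded_torsocks() {
    if ! /sbin/ldconfig -p | lib_in_cache libtorsocks.so; then
        echo "libtorsocks.so is not in ld.so.cache; refusing to run" >&2
        return 70
    fi
    # Capture stderr only; stdout of the probe is discarded.
    probe_err=$(torsocks /bin/true 2>&1 >/dev/null)
    if printf '%s\n' "$probe_err" | preload_failed; then
        echo "LD_PRELOAD of libtorsocks.so was ignored; refusing to run" >&2
        return 70
    fi
    torsocks "$@"
}
```

An installer script would call `guarded_torsocks curl ...` in place of `torsocks curl ...`, so that a stale cache stops the request instead of sending it over the direct connection.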

