On Thu, Apr 3, 2025 at 6:29 PM nusenu via tor-dev <[email protected]> wrote:
>
> Hi,
>
> given the following example, tor fails to access the familykeydir folder.
>
> familykeydir has the following permissions:
>
> drwxr-x--- 2 root tor_reader
>
> id _tor
> uid=996(_tor) gid=993(_tor) groups=993(_tor),994(tor_reader)
>
> Is tor able to use secondary groups?
>
> When using sudo to switch to user _tor manually, it is possible to read files
> in that folder without problems.
>
> The problem does not happen when _tor's primary group is set to 'tor_reader'.
> Tested on Debian.

Hm. In src/lib/process.setuid.c, it looks like we're only calling
setgroups() with a single gid from the password database, not with any
additional groups. So I don't think the C tor implementation is set
up to handle _switching_ to secondary groups when you're telling it to
setuid.

-- 
Nick
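The permission outcome discussed in this thread, modelled as an added example (not code from tor or from either poster): a simplified POSIX owner/group/other check run with the uid, gids and directory mode quoted above. The struct and function names are hypothetical, and the model ignores ACLs and root capabilities.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Credentials a process holds after dropping privileges (hypothetical model). */
struct creds { uid_t uid; gid_t gid; const gid_t *groups; size_t ngroups; };

static bool in_groups(const struct creds *c, gid_t g) {
    if (c->gid == g) return true;              /* primary group */
    for (size_t i = 0; i < c->ngroups; i++)    /* list given to setgroups() */
        if (c->groups[i] == g) return true;
    return false;
}

/* Exactly one permission class applies: owner, else group, else other.
 * want is a mask of 4 (read), 2 (write), 1 (search/execute). */
bool may_access(const struct creds *c, uid_t owner, gid_t group, mode_t mode, unsigned want) {
    unsigned bits;
    if (c->uid == owner) bits = (mode >> 6) & 7;
    else if (in_groups(c, group)) bits = (mode >> 3) & 7;
    else bits = mode & 7;
    return (bits & want) == want;
}

/* Values from the thread: uid=996(_tor) gid=993(_tor) groups=993,994(tor_reader). */
enum { TOR_UID = 996, TOR_GID = 993, TOR_READER_GID = 994 };

/* familykeydir is drwxr-x--- root tor_reader; reading files in it needs r and x. */
bool keydir_readable(gid_t primary, const gid_t *groups, size_t n) {
    struct creds c = { TOR_UID, primary, groups, n };
    return may_access(&c, 0 /* root */, TOR_READER_GID, 0750, 4 | 1);
}

/* setgroups() called with only the gid from the password database. */
bool single_gid_case(void) { gid_t g[] = { TOR_GID }; return keydir_readable(TOR_GID, g, 1); }
/* Full supplementary list, as a login-style switch such as sudo sets up. */
bool full_list_case(void) { gid_t g[] = { TOR_GID, TOR_READER_GID }; return keydir_readable(TOR_GID, g, 2); }
/* Primary group of _tor changed to tor_reader, still a single-gid list. */
bool primary_reader_case(void) { gid_t g[] = { TOR_READER_GID }; return keydir_readable(TOR_READER_GID, g, 1); }

int main(void) {
    printf("single gid: %d, full list: %d, primary=tor_reader: %d\n",
           single_gid_case(), full_list_case(), primary_reader_case());
    return 0;
}
```

A privilege drop that keeps secondary groups would build the list with getgrouplist() or initgroups() before calling setgid() and setuid().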
