Subject: [bug#47155] [PATCH] gnu: Respect DataDirectoryGroupReadable option of tor.
From: Maxime Devos
To: raid5atemyhomework
Cc: 47155@debbugs.gnu.org
Date: Sat, 27 Mar 2021 10:45:43 +0100
Message-ID: <2385f734152be7ed5351bc07dcc7d77e5f22efd0.camel@telenet.be>

On Sat, 2021-03-27 at 06:37 +0000, raid5atemyhomework wrote:
> > > If you reconfigure your OS without restarting the tor service,
> > > the directory permissions are reset due to the activation code being
> > > re-run and resetting the directory permissions.
> > > This change simply does not chmod if the directory already exists.
> >
> > I believe it would be more transparent to introduce a
> > (data-directory-group-readable? #t/#f), with #f as default,
> > to tor-configuration (adjusting tor-configuration->torrc)
> > and change the permission bits passed to chmod appropriately.
> >
> > (Documentation & reproducible system configuration & one integrated
> > system (in the software sense) and all that)
>
> But really though, the primary reason for this is to use the "cookie"
> authentication scheme with a control port on 9051. This is supported
> by most daemons, as the "control unix socket" (that is currently supported
> by `control-socket?` option) seems to be relatively new (Tor 0.2.7.1).
>
> This requires adding:
>
> ControlPort 9051
> CookieAuthentication 1
> CookieAuthFileGroupReadable 1
> DataDirectoryGroupReadable 1
>
> In https://issues.guix.gnu.org/46549 which implements `control-socket?` the
> author expressed doubt as to the safety of this mechanism. Looking at the Tor
> manpage regarding `ControlPort`:
>
> ```
> Note: unless you also specify one or more of HashedControlPassword or CookieAuthentication,
> setting this option will cause Tor to allow any process on the local
> host to control it. (Setting both authentication methods means either method is sufficient
> to authenticate to Tor.) This option is required for many Tor controllers; most use
> the value of 9051.
> ```
>
> Basically, this is safe as long as you use *either* `HashedControlPassword` *or*
> `CookieAuthentication` *or* both; in the case of `CookieAuthentication` only users
> with read access to the cookie file can access it. Nearly every daemon that needs
> control access over Tor (usually to set up their own hidden service using their own
> privkey) expects `CookieAuthentication` and reads from `/var/lib/tor/control_auth_cookie`,
> which requires that `/var/lib/tor` be readable (else it can't look up the filename). It
> becomes just as safe as the control-unix-socket option, as that is similarly gated by
> file permissions. I believe this addresses the security concerns Christopher Lemmer Webber had.
> Note in particular that Bitcoin Core supports `ControlPort` and not `ControlSocket`, so
> this is needed for Bitcoin Core support. From what I can see more daemons support
> `ControlPort` than `ControlSocket`.

Ok, but take a look at . Maybe it's out of date though:

This patch looks good to me, except for some minor aesthetic issues in the
commit message. I ran "make system-check TESTS=tor" with this patch, which succeeded.

> Thanks
> raid5atemyhomework
>
>
> From d9bea7635594654e1e631e4db55422c511f0220a Mon Sep 17 00:00:00 2001
> From: raid5atemyhomework
> Date: Sat, 27 Mar 2021 14:29:31 +0800
> Subject: [PATCH] gnu: Add 'control-port?' setting to Tor.
>
> * gnu/services/networking.scm (tor-configuration): Add `control-port?` field.
> (tor-configuration->torrc): Support `control-port?` field.
> (tor-activation): Allow group access to data directory if `control-port?`.
> * doc/guix.texi (Networking Services)[Tor]: Describe new `control-port?` field.

Usually we `quote', 'quote', "quote" or ‘quote’, but never `quote`.
I recommend 'quote', as in

commit 43937666ba6975b6c847be8e67cecd781ce27049
Author: Ludovic Courtès
Date:   Fri Mar 19 14:23:57 2021 +0100

    download: 'tls-wrap' treats premature TLS termination as EOF.

    This is a backport of Guile commit 076276c4f580368b4106316a77752d69c8f1494a.

    * guix/build/download.scm (tls-wrap)[read!]: Wrap 'get-bytevector-n!' call
    in 'catch' and handle 'error/premature-termination' GnuTLS errors.

Greetings,
Maxime.
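The thread above turns on two things: the rule quoted from the Tor manual (a ControlPort with neither HashedControlPassword nor CookieAuthentication lets any local process control Tor), and the permission bits on the data directory and cookie file that a re-run activation snippet can reset. The following Python audit script is an added example written for this page; it is not code from the patch, from Guix or from Tor. It assumes the conventional cookie file name `control_auth_cookie` and that Tor applies 0750/0640 to the data directory/cookie when the corresponding *GroupReadable option is 1 (0700/0600 otherwise); the torrc texts it checks are constructed samples, one mirroring the snippet in the discussion.

```python
"""Audit a torrc, and optionally the on-disk modes, for the ControlPort /
CookieAuthentication / group-readable interplay discussed in the thread.
Added example for this page, not Guix or Tor code."""
import os
import stat
import tempfile

# Modes Tor applies when the *GroupReadable options are 1 (assumption
# stated in the lead-in); without them it uses the tighter owner-only modes.
DIR_MODES = {False: 0o700, True: 0o750}
COOKIE_MODES = {False: 0o600, True: 0o640}

# Constructed samples: the first mirrors the four lines from the discussion.
SAMPLE_TORRC = """\
DataDirectory /var/lib/tor
ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1
DataDirectoryGroupReadable 1
"""
UNSAFE_TORRC = "ControlPort 9051\n"   # constructed: no authentication at all


def parse_torrc(text):
    """Return {option: [value, ...]}, ignoring comments and blank lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        settings.setdefault(key, []).append(value.strip())
    return settings


def is_on(settings, key):
    """Boolean torrc options: the last occurrence wins, default 0."""
    return settings.get(key, ["0"])[-1] == "1"


def audit_torrc(text):
    """Findings as strings; an empty list means the manpage rule is satisfied
    and group-member controllers will be able to read the cookie."""
    s = parse_torrc(text)
    findings = []
    if "ControlPort" not in s:
        return findings
    authenticated = "HashedControlPassword" in s or is_on(s, "CookieAuthentication")
    if not authenticated:
        findings.append("ControlPort set without HashedControlPassword or "
                        "CookieAuthentication: any local process can control Tor")
    if is_on(s, "CookieAuthentication") and not (
            is_on(s, "CookieAuthFileGroupReadable")
            and is_on(s, "DataDirectoryGroupReadable")):
        findings.append("CookieAuthentication without both *GroupReadable "
                        "options: controllers in the tor group cannot read "
                        "the cookie and will fail to authenticate")
    return findings


def expected_modes(text):
    """(data directory mode, cookie file mode) implied by the torrc."""
    s = parse_torrc(text)
    return (DIR_MODES[is_on(s, "DataDirectoryGroupReadable")],
            COOKIE_MODES[is_on(s, "CookieAuthFileGroupReadable")])


def mode_findings(label, st_mode, expected):
    """Looser than expected is the security problem; tighter than expected is
    the functional breakage from the thread (a re-run chmod to 0700)."""
    perm = stat.S_IMODE(st_mode)
    if perm & ~expected:
        return [f"{label}: mode {perm:04o} is looser than expected {expected:04o}"]
    if perm != expected:
        return [f"{label}: mode {perm:04o} is tighter than expected {expected:04o}; "
                "group controllers cannot read it"]
    return []


def audit_paths(data_dir, torrc_text, cookie_name="control_auth_cookie"):
    """Compare the real directory and cookie modes with what the torrc implies."""
    dir_mode, cookie_mode = expected_modes(torrc_text)
    findings = mode_findings(data_dir, os.stat(data_dir).st_mode, dir_mode)
    cookie = os.path.join(data_dir, cookie_name)
    if os.path.exists(cookie):
        findings += mode_findings(cookie, os.stat(cookie).st_mode, cookie_mode)
    return findings


def demo():
    """Reproduce the reported symptom: activation re-run leaves the data
    directory at 0700 although the torrc asks for group access."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o700)
        return audit_paths(d, SAMPLE_TORRC)


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_TORRC), ("unsafe", UNSAFE_TORRC)):
        print(name, audit_torrc(text) or "ok", expected_modes(text))
    print(demo())
```

Run it against `/var/lib/tor` and the generated torrc after a `guix system reconfigure` to confirm that the directory mode still matches what `DataDirectoryGroupReadable` asks for; a "tighter than expected" finding is exactly the situation the patch addresses.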