
Use correct Tor --verify command
Closed, ResolvedPublic

Description

The only correct torrc check in Whonix-Gateway is sudo --non-interactive /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config, because we need to simulate what Tor really uses normally. Tor is started by systemd, which uses the parameters above; therefore, we need to keep the verification consistent with it.

sudo -u debian-tor tor --verify-config, which is currently widely used in Whonix, will give us a false positive that the configuration was valid, but it only examines the situation where Tor uses only the default torrc.

--defaults-torrc FILE
    Specify a file in which to find default values for Tor options. The contents of this file are overridden by those
    in the regular configuration file, and by those on the command line. (Default: /etc/tor/torrc-defaults.)

Patrick has helped to point out that:

whonixcheck (currently using tor --verify-config)
whonixsetup (currently using tor --verify-config)
acw (maybe using tor --verify-config in future)
anon-shared-helper-scripts (maybe the code should be shared and put there but not sure it's enough code to justify the code sharing, maybe not)

Therefore, we need to switch to the correct tor --verify command.

We may also keep an eye on the command line to start Tor used by systemd, just in case there will be any changes in the future.

Impact: Needs Triage

Event Timeline

iry created this task. Apr 6 2018, 9:33 PM
iry added a comment. Apr 14 2018, 1:25 AM

I grepped all the whonix source code and I believe these two PRs are enough to fix all the existing wrong tor --verify commands and hints used in Whonix.

iry added a comment. Apr 14 2018, 1:31 AM

Tor is started by systemd which uses the parameters as above, therefore, we need to keep the verification consistent with it.

This means we should always keep an eye on the systemd changes in the Debian tor package.

Specifically:

user@host:~$ grep -r -i "exec" /lib/systemd/system/tor@default.service
ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d /var/run/tor
ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config
ExecStart=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
ExecReload=/bin/kill -HUP ${MAINPID}

It fixes it in theory, but it's very user-unfriendly to ask users to type such a long command.

Could you add a new (python) wrapper here please? (Also the reason why using the short command in the first place.)

https://github.com/Whonix/anon-gw-anonymizer-config/tree/master/usr/bin

And then reference that wrapper instead?

Ideal...? (So this won't need updates long term?)

Match the /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config part from the line ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config and execute it?
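One way to implement the wrapper idea from the comment above, as an added example that is not the code from the anon-gw-anonymizer-config repository: it reads the ExecStartPre= line containing --verify-config out of the unit file and runs exactly that argv, so the check stays consistent with whatever the Debian tor package ships. The unit path and the sample unit text are assumptions; the caller is expected to invoke it via sudo as the task describes.

```python
#!/usr/bin/env python3
"""Run the same tor --verify-config command that systemd runs before starting
tor, by reading it from the unit file instead of hardcoding the long command."""
import shlex
import subprocess
import sys

# Assumed path; it is the unit the task quotes with grep above.
UNIT_FILE = "/lib/systemd/system/tor@default.service"

# Constructed sample unit text, mirroring the Exec lines quoted in the task.
SAMPLE_UNIT = """[Service]
ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d /var/run/tor
ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config
ExecStart=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
ExecReload=/bin/kill -HUP ${MAINPID}
"""


def find_verify_argv(unit_text):
    """Return the argv of the ExecStartPre= line that runs tor with
    --verify-config, or None when the unit has no such line."""
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line.startswith("ExecStartPre="):
            continue
        cmd = line[len("ExecStartPre="):].lstrip()
        # systemd allows prefix characters ("-", "@", "+", "!", ":") before the
        # executable path; strip them so we run the bare command.
        cmd = cmd.lstrip("-@+!:")
        argv = shlex.split(cmd)
        # Skip unrelated ExecStartPre= lines such as the /usr/bin/install one.
        if argv and argv[0].endswith("/tor") and "--verify-config" in argv:
            return argv
    return None


def main(unit_path=UNIT_FILE):
    """Execute the verify command found in unit_path; exit code is tor's."""
    with open(unit_path) as f:
        argv = find_verify_argv(f.read())
    if argv is None:
        print("no tor --verify-config ExecStartPre= line in " + unit_path,
              file=sys.stderr)
        return 2
    return subprocess.run(argv).returncode


if __name__ == "__main__":
    sys.exit(main())
```

If the Debian package ever changes the ExecStartPre= line, the wrapper picks up the new arguments without an update, and a missing verify line is reported instead of silently falling back to a shorter command.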

iry added a comment. Apr 15 2018, 5:24 AM

Could you add a new (python) wrapper here please? (Also the reason why using the short command in the first place.)

Great idea.

I haven't done it yet. But here is the progress:

https://github.com/Whonix/anon-gw-anonymizer-config/pull/10

iry closed this task as Resolved. Jun 17 2018, 8:40 PM

Patrick Schleizer:

Added a very few commits on top. Including sudoers.d. Should be shorted. But not fully tested. Please test when convenient.
https://github.com/Whonix/anon-gw-anonymizer-config/blob/master/etc/sudoers.d/anonymizer-config-gateway

Thank you for the commits, Patrick!

It works fine for me! :)

Patrick triaged this task as Normal priority. Apr 14 2019, 3:36 PM