From patchwork Sat Sep  7 17:52:00 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?=
 <peter.mueller@ipfire.org>
X-Patchwork-Id: 2398
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail01.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 46Qhpm6sVdz42Mf
	for <patchwork@web04.haj.ipfire.org>; Sat,  7 Sep 2019 17:52:48 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
	 client-signature ECDSA (P-384) client-digest SHA384)
	(Client CN "mail02.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 46Qhpl4jRPz3NT;
	Sat,  7 Sep 2019 17:52:47 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
	s=201909ed25519; t=1567878768;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post;
	bh=/SFVUCME00bk+EzwjcRSy2BMUhWDgwMojG6AqpOxv/E=;
	b=M8bWjneV1uF732YqFkWrhz1cPAAIa4q7geBir3gt/DiysDf9gZXcYJWnA8GZqv15EN4uQY
	0VLlGV7Ec21A8aDg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=201909rsa;
	t=1567878768; h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post;
	bh=/SFVUCME00bk+EzwjcRSy2BMUhWDgwMojG6AqpOxv/E=;
	b=LtP9FfkTC3eDdG0YC3aTZIArIrt9K93TEiQwRGlZ7arvIF5d19AUlV8wn/sadXTzSv67OQ
	oYn/7OzCazljBzYwnnrFcxdurY/zWEdL+ejZfq6Qn/kK7t7I9w5qkZ4a1rymjrTyfchNi5
	jGSz1588RVT6U0KHprWlUz2kGWejaPqTLlnC/+mALakY4jDLepKYRA7w8zkmfSqM6CxVSE
	lrRhvzBnIP2d6ht2CgTTPVIDraN6Lv9m5GoG7GxuTI42vDUmCP4CH5Ih7QtkjY+YolrcYx
	h6QkDzCxovNGxPVkoIlL2JlIHQczd+gFyCwz/uC0Uz5VqgZ9uFv1/z2yp08jAA==
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 46Qhpl3GHKz2ylm;
	Sat,  7 Sep 2019 17:52:47 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384)
 client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 46Qhpk1bmWz2ydB
 for <development@lists.ipfire.org>; Sat,  7 Sep 2019 17:52:46 +0000 (UTC)
Received: from [127.0.0.1] (100.emeraldonion.org [23.129.64.100])
 (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 46Qhph6wFSz3NT
 for <development@lists.ipfire.org>; Sat,  7 Sep 2019 17:52:44 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=201909rsa;
 t=1567878765;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=/SFVUCME00bk+EzwjcRSy2BMUhWDgwMojG6AqpOxv/E=;
 b=Fs42ZAmNOUQCj5KUgRgEzzPtrepPfwp2G4LA+P+NHS9WEsp9sr3NK4zCN9p+bZge4UQroG
 bdhhBHd0e5pROm3rlwzVcpYKshElWWctLJ/ijxuCHlRmx7ashWkVL65x0e5RCQRIl0kk6E
 /9GX8GyIFdAvhl1PYhsOIKaFQaZ0pSgX1F0cw34qnFuqW1Acq+H9UFJiVHKkMfOfWo3LN7
 SRktFd4IpPjUNbCbq1W00yCGKLwE88opgn/KwJlnAAdnJVoc4dci0RKwFZFqJk21LQCbgi
 cieTLheoVbnPY9iZgyNVOFneeM3mPTe7aeqe6pPZk5EVRffenaXwQ0w3xx6p5Q==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=201909ed25519; t=1567878766;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=/SFVUCME00bk+EzwjcRSy2BMUhWDgwMojG6AqpOxv/E=;
 b=asxegYNpW0W+nv8vXsw1BUakk3fhaBwpHoQBgi1DAJH4EFkMbuM2/2mYb07g0D65pW0xbO
 EqoOIWUWnfpnhwBA==
To: "IPFire: Development-List" <development@lists.ipfire.org>
From: peter.mueller@ipfire.org
Subject: [PATCH] Tor: fix permission of /var/ipfire/tor/settings
Message-ID: <85f686b6-4b5d-ea51-9cbb-925bfe17f000@ipfire.org>
Date: Sat, 07 Sep 2019 17:52:00 +0000
MIME-Version: 1.0
Content-Language: en-US
Authentication-Results: mail01.ipfire.org;
 auth=pass smtp.auth=pmueller smtp.mailfrom=peter.mueller@ipfire.org
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

The settings file must be writeable for group "nobody" so
users can change their Tor settings via WebUI. Since other
files in /var/ipfire/tor/ does not need this workaround, only
the settings file permissions are changed.

Sorry for the late fix; this was reported by various people
in the forum, too (I was unaware of so many Tor users in our
community).

Fixes #12117

Reported-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 lfs/tor                 | 2 +-
 src/paks/tor/install.sh | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/lfs/tor b/lfs/tor
index d918910d4..1e234e0ab 100644
--- a/lfs/tor
+++ b/lfs/tor
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = tor
-PAK_VER    = 40
+PAK_VER    = 41
 
 DEPS       = "libseccomp"
 
diff --git a/src/paks/tor/install.sh b/src/paks/tor/install.sh
index 1659871b6..4d0353155 100644
--- a/src/paks/tor/install.sh
+++ b/src/paks/tor/install.sh
@@ -38,4 +38,8 @@ restore_backup ${NAME}
 # Adjust some folder permission for new UID/GID
 chown -R tor:tor /var/lib/tor /var/ipfire/tor
 
+# Tor settings file needs to be writeable by nobody group for WebUI
+chown tor:nobody /var/ipfire/tor/settings
+chmod 664 /var/ipfire/tor/settings
+
 start_service --background ${NAME}