From owner-freebsd-ports-bugs@FreeBSD.ORG  Fri Mar 17 20:50:15 2006
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
X-Original-To: freebsd-ports-bugs@hub.freebsd.org
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CC9AC16A41F
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Fri, 17 Mar 2006 20:50:15 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1E51F43D53
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Fri, 17 Mar 2006 20:50:15 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k2HKoEcX039954
	for <freebsd-ports-bugs@freefall.freebsd.org>;
	Fri, 17 Mar 2006 20:50:14 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k2HKoEaM039953;
	Fri, 17 Mar 2006 20:50:14 GMT (envelope-from gnats)
Resent-Date: Fri, 17 Mar 2006 20:50:14 GMT
Resent-Message-Id: <200603172050.k2HKoEaM039953@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Wes Santee <wes@bogon.net>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CD09B16A401
	for <FreeBSD-gnats-submit@freebsd.org>;
	Fri, 17 Mar 2006 20:47:56 +0000 (UTC) (envelope-from wes@bogon.net)
Received: from bogon.dnsalias.net (168-103-224-74.ptld.qwest.net
	[168.103.224.74])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 38D0343D7B
	for <FreeBSD-gnats-submit@freebsd.org>;
	Fri, 17 Mar 2006 20:47:52 +0000 (GMT) (envelope-from wes@bogon.net)
Received: from [10.0.0.3] (starbug.wifi.bogon.net [10.0.0.3])
	by mail-jail.wifi.bogon.net (Postfix) with ESMTP id 679C711423
	for <FreeBSD-gnats-submit@freebsd.org>;
	Fri, 17 Mar 2006 12:47:50 -0800 (PST)
Message-Id: <441B2071.1000800@bogon.net>
Date: Fri, 17 Mar 2006 12:47:45 -0800
From: Wes Santee <wes@bogon.net>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: 
Subject: ports/94621: security/tor-devel defaults data directory to
 non-persistent storage location
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Mar 2006 20:50:16 -0000


>Number:         94621
>Category:       ports
>Synopsis:       security/tor-devel defaults data directory to non-persistent
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 17 20:50:14 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Wes Santee
>Release:        FreeBSD 6.0-STABLE i386
>Organization:
N/A
>Environment:
System: FreeBSD lister.wifi.bogon.net 6.0-STABLE FreeBSD 6.0-STABLE #3:
Tue Feb 21 15:35:34 PST 2006
root@lister.internal.bogon.net:/storage/usr/obj/usr/src/sys/LISTER i386


>Description:
	The security/tor-devel port installs /usr/local/etc/rc.d/tor.sh.
	This script handles the starting and stopping of the tor process
	when tor_enabled="YES" is in /etc/rc.conf.

	The script overrides the value of DataDirectory in the
	/usr/local/etc/tor/torrc file by defining the variable
	tor_datadir.  The problem is that tor_datadir (in addition
	to not being a documented variable in the comments of the
	script) points to /var/run/tor.

	Since /var/run is emptied during system startup (by way of
	/etc/rc.d/cleanvar), the tor server's secret key is erased
	each time the system is started.  This causes an entirely
	new server fingerprint to be created each time.  This
	fingerprint must stay the same for the server to be recognized
	on the tor network.

>How-To-Repeat:
	1) Install /security/tor-devel with default options
	2) Configure as a server in /usr/local/etc/tor/torrc
	   (specify ORPort and DirPort).
	3) Add "tor_enable=YES" to /etc/rc.conf and start tor
	   via /usr/local/etc/rc.d/tor.sh start.
	4) Check fingerprint in /var/run/tor/fingerprint
	5) Reboot system
	6) When system comes up again, check fingerprint file.
           It will probably have changed as a result of the
	   keyfile being deleted and regenerated.

>Fix:

	1) Do not use a default of /var/run/tor for the data directory.
	2) If the tor.sh startup script is going to override what
	   is in the torrc, document the variable in the script file.
>Release-Note:
>Audit-Trail:
>Unformatted:
 storage location