Source: tor
Version: 0.2.3.14-alpha-1
Severity: wishlist
Tags: patch
User: [email protected]
Usertags: new-profile
X-Debbugs-CC: [email protected]
thanks

Hi weasel,

[Cc'ing tor-dev since some people there, such as the TorBOX folks,
have expressed some interest in confining.]

Please include an AppArmor profile in the Tor Debian package.

Since it handles untrusted data, and has been affected by a number of
potential security issues in past years relating to its handling of
those, it seems like an ideal candidate for confining:
https://wiki.debian.org/AppArmor

I have been testing Tor for a few months, on a Debian sid system, with
the attached AppArmor profile. I have been testing with Tor 0.2.2.x
from sid as well as with Tor 0.2.3.x from experimental. I have not run
into any single problem with it.

Attached are:

1. apparmor_tor_v1.patch: a patch that adds this AppArmor support to
   Tor;

2. build-tor-sources_apparmor.patch: a patch that updates your
   build-tor-sources script so that the source package with the above
   patch applied builds on every system you care about, and gets the
   best possible AppArmor support out of it:
    - hardy, lucid, Debian up to and including squeeze-backports:
      no dh-apparmor at all => needs to run apparmor_backport,
      resulting package gets no AppArmor support
    - maverick to oneiric:
      dh-apparmor shipped with debhelper => needs to run
      apparmor_backport, resulting package gets AppArmor support
    - precise, Debian Wheezy and sid:
      standalone dh-apparmor package => no need for apparmor_backport,
      resulting package gets AppArmor support

Please consider applying these patches. Unless we're confident 0.2.3.x
will turn into a stable release in time for the Wheezy freeze,
I suggest applying the source package patch to the 0.2.2.x sid
packaging branch as well.

Note that enforcing AppArmor profiles is currently opt-in on Debian:
applying the attached does not change anything for users unless they
enable AppArmor system-wide themselves.

commit 8c6bf77d678b8147c3b7857dc729ae9dbb5a225d
Author: intrigeri <[email protected]>
Date:   Mon Apr 16 10:40:47 2012 +0200

    Add AppArmor profile.

diff --git a/debian/apparmor-profile b/debian/apparmor-profile
new file mode 100644
index 0000000..3b0badd
--- /dev/null
+++ b/debian/apparmor-profile
@@ -0,0 +1,34 @@
+# vim:syntax=apparmor
+#include <tunables/global>
+
+/usr/sbin/tor {
+  #include <abstractions/base>
+  #include <abstractions/nameservice>
+
+  network tcp,
+
+  capability chown,
+  capability dac_override,
+  capability fowner,
+  capability fsetid,
+  capability setgid,
+  capability setuid,
+
+  /proc/sys/kernel/random/uuid r,
+  /sys/devices/system/cpu/ r,
+  /sys/devices/system/cpu/** r,
+
+  /etc/tor/* r,
+  /usr/share/tor/** r,
+
+  owner /var/lib/tor/** rwk,
+  owner /var/log/tor/log* w,
+
+  /{,var/}run/tor/control w,
+  /{,var/}run/tor/tor.pid w,
+  /{,var/}run/tor/control.authcookie w,
+  /{,var/}run/tor/control.authcookie.tmp rw,
+
+  # Site-specific additions and overrides. See local/README for details.
+  #include <local/usr.sbin.tor>
+}
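Review bot: the six `capability` lines in debian/apparmor-profile carry no comment saying which step of Tor's startup needs each one, and `capability dac_override` in particular lets the confined process ignore file permission bits on every path the profile allows. Please add a one-line justification per capability, and check whether `dac_override` can be dropped by having the init script fix ownership of /var/lib/tor, /var/log/tor and the run directory before tor starts. The `/{,var/}run/tor/*` rules also lack the `owner` qualifier that the /var/lib/tor and /var/log/tor rules use; if that is deliberate (files created before the setuid drop), a comment saying so would help.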
diff --git a/debian/control b/debian/control
index 4acf32a..e6e58ab 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: tor
 Section: net
 Priority: optional
 Maintainer: Peter Palfrader <[email protected]>
-Build-Depends: debhelper (>= 5), libssl-dev, dpatch, zlib1g-dev, libevent-dev (>= 1.1), binutils (>= 2.14.90.0.7), hardening-includes, asciidoc (>= 8.2), docbook-xml, docbook-xsl, xmlto
+Build-Depends: debhelper (>= 5), libssl-dev, dpatch, zlib1g-dev, libevent-dev (>= 1.1), binutils (>= 2.14.90.0.7), hardening-includes, asciidoc (>= 8.2), docbook-xml, docbook-xsl, xmlto, dh-apparmor
 Standards-Version: 3.8.1
 Homepage: https://www.torproject.org/
 Vcs-Git: git://git.torproject.org/debian/tor.git
@@ -13,7 +13,7 @@ Architecture: any
 Depends: ${shlibs:Depends}, adduser, ${misc:Depends}
 Conflicts: libssl0.9.8 (<< 0.9.8g-9)
 Recommends: logrotate, tor-geoipdb, torsocks
-Suggests: mixmaster, xul-ext-torbutton, socat, tor-arm, polipo (>= 1) | privoxy
+Suggests: mixmaster, xul-ext-torbutton, socat, tor-arm, polipo (>= 1) | privoxy, apparmor
 Description: anonymizing overlay network for TCP
  Tor is a connection-based low-latency anonymous communication system which
  addresses many flaws in the original onion routing design.
diff --git a/debian/rules b/debian/rules
index b8cf5c0..53ead19 100755
--- a/debian/rules
+++ b/debian/rules
@@ -151,6 +151,10 @@ install: build
 	install -m 644 contrib/tor-tsocks.conf $(CURDIR)/debian/tor/etc/tor
 	install -m 644 debian/tor-service-defaults-torrc $(CURDIR)/debian/tor/usr/share/tor
 
+	install -m 644 debian/apparmor-profile $(CURDIR)/debian/tor/etc/apparmor.d/usr.sbin.tor
+	if type dh_apparmor >/dev/null 2>&1; \
+	then dh_apparmor --profile-name=usr.sbin.tor -ptor; fi
+
 	dh_link usr/share/man/man8/tor.8 usr/share/man/man5/torrc.5
 
 	rm -f $(CURDIR)/debian/tor/usr/bin/tor-control.py
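Review bot: in the install target, `install -m 644 debian/apparmor-profile ...` runs unconditionally while `dh_apparmor` is guarded by `type dh_apparmor`, so a build on a release without dh_apparmor still ships /etc/apparmor.d/usr.sbin.tor but without the maintainer-script snippets that dh_apparmor generates to load and reload it. That does not match the "no AppArmor support" outcome described for those releases. Suggest moving the `install` line inside the same conditional, so the profile is shipped only when it can be managed. The guard also makes a missing dh_apparmor a silent skip on releases where it is expected; printing a message in an else branch would make that visible in build logs.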
diff --git a/debian/tor.dirs b/debian/tor.dirs
index 3c28695..f4f6db7 100644
--- a/debian/tor.dirs
+++ b/debian/tor.dirs
@@ -1,3 +1,4 @@
+etc/apparmor.d
 etc/tor
 var/lib/tor
 var/log/tor
--- build-tor-sources.orig	2012-04-23 11:01:01.035395374 +0200
+++ build-tor-sources	2012-04-25 23:13:15.383044988 +0200
@@ -105,6 +105,10 @@
 	fi
 }
 
+apparmor_backport() {
+	sed -i -e '/^Build-Depends/ s/, *dh-apparmor//' debian/control
+}
+
 bp1() {
 	local dir="$1"; shift
 	local sid_debian_version="$1"; shift
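Review bot: the sed expression in `apparmor_backport` only matches `, dh-apparmor` on the line that starts with `Build-Depends`, so it silently does nothing if the field is ever wrapped onto continuation lines or if dh-apparmor is moved to the front of the list, and the backport then fails later on an unsatisfiable build dependency. Suggest checking the result, for example with a `grep -q dh-apparmor debian/control` after the sed that aborts with a clear message, and adding a comment stating that the function relies on the guarded `dh_apparmor` call in debian/rules.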
@@ -201,11 +205,13 @@
 #################################################
 bp1 $DIR $sid_debian_version lenny
 (cd $DIR; hardening_backport 0)
+(cd $DIR; apparmor_backport)
 bp2 $DIR $ORIGTAR
 
 # SQUEEZE
 #################################################
 bp1 $DIR $sid_debian_version squeeze
+(cd $DIR; apparmor_backport)
 bp2 $DIR $ORIGTAR
 
 # WHEEZY
@@ -225,27 +231,32 @@
 	# hardy's dpkg-parsechangelog cannot deal with dots in the distribution field, remove them.
 	(cd $DIR; dch --force-distribution --distribution "$(dpkg-parsechangelog | grep-dctrl -n -s Distribution '' | tr -d .)" '')
 	(cd $DIR; hardening_backport 0)
+	(cd $DIR; apparmor_backport)
 	bp2 $DIR $ORIGTAR
 fi
 
 # LUCID  (EOL: April 2015)
 #################################################
 bp1 $DIR $sid_debian_version lucid
+(cd $DIR; apparmor_backport)
 bp2 $DIR $ORIGTAR
 
 # MAVERICK  (EOL: April 2012)
 #################################################
 bp1 $DIR $sid_debian_version maverick
+(cd $DIR; apparmor_backport)
 bp2 $DIR $ORIGTAR
 
 # NATTY  (EOL: October 2012)
 #################################################
 bp1 $DIR $sid_debian_version natty
+(cd $DIR; apparmor_backport)
 bp2 $DIR $ORIGTAR
 
 # ONEIRIC  (EOL: April 2013)
 #################################################
 bp1 $DIR $sid_debian_version oneiric
+(cd $DIR; apparmor_backport)
 bp2 $DIR $ORIGTAR
 
 
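Review bot: the `(cd $DIR; apparmor_backport)` call is pasted identically into the hardy, lucid, maverick, natty and oneiric blocks, yet per the cover mail the outcome differs: hardy and lucid end up with no AppArmor support, while maverick to oneiric still get it because dh_apparmor ships with debhelper there. Nothing in the script records that distinction. Suggest a short comment on each block, or on the function, stating which suites lose support and which only lose the build dependency, and consider calling `apparmor_backport` from one place driven by a list of suites so that a newly added suite is not missed.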
@@ -256,6 +267,7 @@
 # SQUEEZE-BPO
 #################################################
 bp1 $DIR $sid_debian_version squeeze-bpo
+(cd $DIR; apparmor_backport)
 bp2 $DIR $ORIGTAR
 
 mkdir bpo
