Information
ID: 787
PHID: PHID-TASK-edxhcdhr5va73o5xp64l
Author: iry
Status at Migration Time: resolved
Priority at Migration Time: Normal
Description
The only correct torrc checking in Whonix-Gateway is sudo --non-interactive /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config. Because we need to simulate what Tor really uses normally. Tor is started by systemd which uses the parameters as above, therefore, we need to keep the verification consistent with it.
sudo -u debian-tor tor --verify-config, which is currently widely used in Whonix, will give us a false positive that Configuration was valid but it only examines the situation where Tor only uses default torrc.
--defaults-torrc FILE
Specify a file in which to find default values for Tor options. The contents of this file are overridden by those
in the regular configuration file, and by those on the command line. (Default: /etc/tor/torrc-defaults.)
Patrick [[ https://github.com/Whonix/whonixsetup/pull/1#discussion_r179678165 | has helped to pointed out that ]]:
whonixcheck (currently using tor --verify-config)
whonixsetup (currently using tor --verify-config)
acw (maybe using tor --verify-config in future)
anon-shared-helper-scripts (maybe the code should be shared and put there but not sure it's enough code to justify the code sharing, maybe not)
Therefore, we need to switch to the correct tor --verify command.
We may also keep an eye on the command line to start Tor used by systemd, just in case there will be any changes in the future.
Comments
iry
2018-04-13 23:12:02 UTC
iry
2018-04-13 23:17:53 UTC
iry
2018-04-13 23:25:04 UTC
iry
2018-04-13 23:31:09 UTC
Patrick
2018-04-14 08:33:15 UTC
iry
2018-04-15 03:24:48 UTC
iry
2018-06-17 18:40:01 UTC