Delivery-Date: Sat, 13 Aug 2016 17:00:25 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [138.201.14.202])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 4C6891E04CB;
	Sat, 13 Aug 2016 17:00:23 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id AF1FCE0D0B;
	Sat, 13 Aug 2016 21:00:13 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id DC579E0D13
 for <tor-talk@lists.torproject.org>; Sat, 13 Aug 2016 21:00:08 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id oyA6cWsCm-9a for <tor-talk@lists.torproject.org>;
 Sat, 13 Aug 2016 21:00:08 +0000 (UTC)
Received: from cock.li (cock.li [185.100.85.212])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id ABC04E0CB2
 for <tor-talk@lists.torproject.org>; Sat, 13 Aug 2016 21:00:08 +0000 (UTC)
To: tor-talk@lists.torproject.org
From: Jeremy Rand <jeremyrand@airmail.cc>
X-Enigmail-Draft-Status: N1110
Message-ID: <9390f006-3fc8-f614-bb8c-9a7d6deb45f3@airmail.cc>
Date: Sat, 13 Aug 2016 20:59:56 +0000
MIME-Version: 1.0
Subject: [tor-talk] SELinux issue with Tor?
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Reply-To: tor-talk@lists.torproject.org
Content-Type: multipart/mixed; boundary="===============9014264151200148982=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============9014264151200148982==
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="5K2jcQE2VsMuBWIXg3N465aajFNOcwA9v"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--5K2jcQE2VsMuBWIXg3N465aajFNOcwA9v
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hey,

Someone reported a weird SELinux issue with Tor on the #zeronet IRC
earlier today.  I've obtained permission to post a partial chatlog, as
I'm curious if this is intended behavior by Tor.  Chatlog below:

<pskosinski> Someone fucked up Tor in my distro and I can't use it now,
ZeroNet still tries to use the fucked up Tor, so I can't do=E2=80=A6 anyt=
hing
<pskosinski> nvm, there's zeronet.conf
<Jeremy_Rand_2> pskosinski, might I ask what distro has a broken Tor?
* Jeremy_Rand_2 wants to make a mental note to avoid that distro like
the plague
<pskosinski> Jeremy_Rand_2: Well, so far I had not much time to check if
it's not reported yet or it's not my fault=E2=80=A6 Anyway, it seem to no=
t work
well in Fedora 24 after last update
<pskosinski> Anyway, it was working, I did not change anything, updated,
doesn't work, SELinux throws alerts
<Jeremy_Rand_2> pskosinski, oh, that's unfortunate, I use Qubes-Fedora
for some of my stuff.  (although I use Fedora 23)
<Jeremy_Rand_2> pskosinski, although my Tor stuff is running in Whonix
* Jeremy_Rand_2 tries to come up with a justification involving Fedora
being advertised as bleeding-edge, but fails because Tor being bricked
by SELinux should be really easy to notice in QA
<pskosinski> According to SELinux tor wants to mount a filesystem on
/var/lib/tor, what sounds weiiiiird
<pskosinski> Do I have NSA-version of tor or what
<pskosinski> So seems good that SELinux is preventing that, the question
why is tor trying to do that
<Jeremy_Rand_2> pskosinski, lemme get this, a security system created by
NSA is stopping a suspected NSA-backdoored version of software created
by the Pentagon from operating
<Jeremy_Rand_2> I love the world of infosec these days
<pskosinski> ;p
<Jeremy_Rand_2> It's better than fiction

Sincere apologies if this behavior is documented somewhere already.
(Also, my reference to onion routing being created by the Pentagon was
purely commentary on how the field of infosec is more interesting than
fiction -- I'm already aware that Tor isn't backdoored by the Pentagon,
please don't think that I was implying that.)

Anyway, if anyone might be able to comment on whether this is intended
behavior, what the purpose is, and whether anyone else has encountered
this issue in Fedora (or any other distros), that would be greatly
appreciated.

Cheers,
-Jeremy Rand


--5K2jcQE2VsMuBWIXg3N465aajFNOcwA9v
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXr4pOAAoJELPy0WV4bWVwr8wQAIzG1c1WDMDlkWEf0nDiocfC
p/zP0XvGpvSLYnx+BxiA71X4YC+f7D724+/3JCxhwO9MQXKtewQXqXVI+yejAx3+
jAI8/a+1E4Ek9Iw9GkCA9imZ26eqgFsFgQUMXaZiZeV08xoOmN0jC5tWuCBKYb69
r+cGnTVxXkiEmtoSDjsFuHvizlwfAVvg4BLvTt7Pgid2vCFSNBvgaGCNzRTRRrK4
DPVtN7h3SO11u0T8zvCJa6FMfcCmcWCYIcYOYLyib3IYE3aSRuRp2FBcISeois7p
IJt7YaPJJLtY8n2sh13rXmm77s4nYpnBWYitKKAOoNET3Mz7DuJCEhvNeQXa03gc
go7BJo3szl5iUDPpXQDX/n728vMtNCmF7A3yL3sW4lXrvYdDC5C6V95cE3+BXDUg
0vVOgQFxgFFiXhkXbEjxENW0cHYHkaZ08RrHhBP7euSrDDeP+WLsug8dgsN0VspS
iwgm3L9PP2EYAfaIdvsP3oyiW/dn+qC1YLZEp/M7HGjtxc5wY2dujVq8VQR8D8sW
C9MMorq4ZpR+vRFZzrOnizqAHtAaN2s5RDkiRl6iZk6k/I0k4vm46CTXs6Z42D0o
cgYzbe1UtjsE0H4ZRetmySuIyB6AymJrBsIUl9QEtv8Di33CgyAZXo9Qufs0vhzq
SZYao4Ma2diV6RUEmUaq
=kMYF
-----END PGP SIGNATURE-----

--5K2jcQE2VsMuBWIXg3N465aajFNOcwA9v--

--===============9014264151200148982==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnRvci10YWxrIG1haWxpbmcgbGlzdCAtIHRvci10YWxrQGxpc3RzLnRvcnByb2plY3Qub3Jn
ClRvIHVuc3Vic2NyaWJlIG9yIGNoYW5nZSBvdGhlciBzZXR0aW5ncyBnbyB0bwpodHRwczovL2xp
c3RzLnRvcnByb2plY3Qub3JnL2NnaS1iaW4vbWFpbG1hbi9saXN0aW5mby90b3ItdGFsawo=

--===============9014264151200148982==--

