[tahoe-lafs-trac-stream] [tahoe-lafs] #982: grsec disallows tahoe from learning its own IP address
tahoe-lafs
trac at tahoe-lafs.org
Thu Jun 27 01:55:22 UTC 2013
#982: grsec disallows tahoe from learning its own IP address
-------------------------+------------------------------------------------
Reporter: ioerror | Owner: ioerror
Type: defect | Status: new
Priority: minor | Milestone: undecided
Component: code | Version: 1.6.0
Resolution: | Keywords: security grsec iputil transparency
Launchpad Bug: |
-------------------------+------------------------------------------------
Changes (by daira):
* owner: warner => ioerror
Comment:
Replying to [comment:2 ioerror]:
> It seems that Tahoe will call ifconfig and it won't work in "high"
security mode.
> Tahoe calls ifconfig to determine it's network location.
> grsec doesn't allow /proc/net/dev for non-root users.
> ifconfig complains to stderr message (as listed above), Tahoe sees this
message and getmyipaddr() returns None. In addition if tub.location is not
set then the node will have no location, concludes it will be unable to
start up, and bails with aus.abort().
This ''might'' be fixed on trunk; it depends on whether '{{{ip addr}}}'
has the same problem as '{{{ifconfig}}}'. I don't have grsec enabled in
order to test this (and don't want to enable it because I don't have time
to fix anything it breaks).
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/982#comment:13>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list