run Tor under dedicated user

This allows more-fine granular firewall rules (see first patch for
further information). Further, it prevents other services running as
"nobody" (Apache, ...) from reading Tor relay keys.

Fixes #11779.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

lfs/tor

@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = tor
-PAK_VER    = 34
+PAK_VER    = 35
 
 DEPS       = ""
 
@@ -82,8 +82,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 			--prefix=/usr \
 			--sysconfdir=/etc \
 			--localstatedir=/var \
-			--with-tor-user=nobody \
-			--with-tor-group=nobody
+			--with-tor-user=tor \
+			--with-tor-group=tor
 
 	cd $(DIR_APP) && make $(MAKETUNING)
 	cd $(DIR_APP) && make install

src/paks/tor/install.sh

@@ -17,11 +17,24 @@
 # along with IPFire; if not, write to the Free Software                    #
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
 #                                                                          #
-# Copyright (C) 2007 IPFire-Team <info@ipfire.org>.                        #
+# Copyright (C) 2007-2019 IPFire-Team <info@ipfire.org>.                   #
 #                                                                          #
 ############################################################################
 #
 . /opt/pakfire/lib/functions.sh
+
+# Run Tor as dedicated user and make sure user and group exist
+if ! getent group tor &>/dev/null; then
+       groupadd -g 119 tor
+fi
+
+if ! getent passwd tor; then
+       useradd -u 119 -g tor -d /var/empty -s /bin/false tor
+
+       # Adjust some folder permission for new UID/GID
+       chown -R tor:tor /var/lib/tor /var/ipfire/tor
+fi
+
 extract_files
 restore_backup ${NAME}
 start_service --background ${NAME}