On 2018/01/21 12:35, Sebastien Marie wrote:
> On Sun, Jan 21, 2018 at 10:25:30AM +0000, Stuart Henderson wrote:
> > On 2018-01-20, clematis <clematis@insiberia.net> wrote:
> > > Hello,
> > > 'usewithtor' (torsocks) works fine with ftp and ssh but it will core
> > > with lynx.
> > > running: usewithtor lynx
> > > will start lynx, resolve openbsd.org but core when trying to make the
> > > http connection.
> > > In /var/log/messages I get: /bsd: lynx[26197]: pledge "getpw", syscall 33
> > >
> > > And running gdb lynx then core lynx.core:
> > > ---
> > > Reading symbols from /usr/libexec/ld.so...done.
> > > Loaded symbols for /usr/libexec/ld.so
> > > #0 access () at -:3
> > > 3 -: No such file or directory.
> > > in -
> > > Current language: auto; currently asm
> > > ---
> > >
> > > same result using 'torsocks' directly and not 'usewithtor' or trying
> > > lynx http://openbsd.org
> > >
> > >
> > > Config: OpenBSD current + lynx-2.8.9pl16 + torsocks-1.2p4
> > >
> > > Any idea on how to torify lynx?
> > >
> > > Thanks,
> >
> > What happens if you just replace the getpwuid functions in torsocks
> > with NULL? They don't seem terribly useful for sending to a local tor
> > proxy, they're more relevant for communicating with a standard socks
> > server with authentication (and even then you can pass the username via
> > a config file or environment variable).. Does that make it work or does
> > it then fail on something else?
>
> removing getpw calls is enought: lynx works well with torsocks this way.
>
> in fact, it could reduces a bit the SOCKS support, as for socks4 and
> socks4a the environment variable isn't used (only for socks5). but as
> torsocks explicitly targets Tor proxy, I think it don't bother.
>
> > Otherwise torsocks could wrap the pledge() function to weaken the pledge.
> > It's easy to do but far less appealing.
>
> In fact, I started in this direction... so if you want a working diff to
> add "getpw" in pledge(2) promise, it is available.
>
> but removing getpw calls if far better.
I've sent torsocks MAINTAINER the ports diff to remove getpw*.
Definitely seems the right way to go.
No comments:
Post a Comment