certificates should not be owned by tor2web user
Looks like tor2web requires its certificates to be readable as tor2web user. This is not a major bug, but should be addressed.
Maybe it would make sense to reduce tor2web to a local HTTP server meant to be used behind a proper webserver like nginx.
Tor2web software is designed to handle HTTPS traffic without any additional proxy, in order to keep the software simple and self-contained.
You only commented on the additional feedback, not the real issue. I don't care about the scope of the project. I care about the security implications of having certificates lying around owned by the tor2web user. If you want to properly support HTTPS, you have to support root-owned certificates. Everything else is a security nightmare.
Ah, got it! You are right!
Tor2web should read its configuration and support files (like certificates) before dropping the uid/gid and becoming the tor2web user. That way they could be root-owned with 600 permissions.
Re-opening and applying "Bug" label.
@fpietrosanti / @moba: no, we can't have certificates owned by a user different from tor2web, as the worker processes need to be respawned at runtime and re-read the certificate;
the only thing that we can do is to have the father process maintain the root privileges so that it can spawn root processes (the workers); so a worker born with root privileges could read the certificate and then lose privileges. By the way, I don't know if this is more risky....
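The pattern proposed earlier in the thread (read the key while still root, then drop to the service uid/gid) is sketched below as an added example; it is not tor2web's code. The names `read_private_key`, `drop_privileges` and `InsecureKeyFile` are hypothetical, and the sketch does not cover the worker respawn problem raised in the last comment.

```python
import os
import stat
import tempfile


class InsecureKeyFile(Exception):
    """Raised when the key file's owner or mode is weaker than required."""


def read_private_key(path, owner_uid=0):
    """Read a key file only if it is a regular file owned by owner_uid
    (root by default) with no group/other permission bits, e.g. mode 600."""
    # O_NOFOLLOW rejects a symlink; fstat on the open descriptor checks the
    # same file that is read, so there is no check-then-open race.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "rb") as fh:
        st = os.fstat(fh.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise InsecureKeyFile(f"{path}: not a regular file")
        if st.st_uid != owner_uid:
            raise InsecureKeyFile(f"{path}: owner uid {st.st_uid}, expected {owner_uid}")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            mode = stat.S_IMODE(st.st_mode)
            raise InsecureKeyFile(f"{path}: mode {mode:o} allows group/other access")
        return fh.read()


def drop_privileges(uid, gid):
    """Permanently switch from root to uid/gid. Order matters: supplementary
    groups and gid must change while the process is still root."""
    os.setgroups([])
    os.setgid(gid)
    os.setuid(uid)
    try:
        os.setuid(0)  # must fail once the drop is permanent
    except PermissionError:
        return
    raise RuntimeError("privilege drop can be reversed")


if __name__ == "__main__":
    # Constructed sample: a temp file stands in for a root-owned key, so the
    # expected owner is the current user and no privilege drop is attempted.
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "key.pem")
        with open(key, "wb") as f:
            f.write(b"CONSTRUCTED SAMPLE KEY\n")
        os.chmod(key, 0o600)
        print(len(read_private_key(key, owner_uid=os.getuid())), "bytes read")
        # A real service started as root would now call
        # drop_privileges(uid, gid) and keep the key bytes only in memory.
```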