Ubuntu
tor package

vidalia 0.2.15-1 is not able to start tor without root priviledges

Bug #911723 reported by Sasa Paporovic
40
This bug affects 8 people
Affects Status Importance Assigned to Milestone
tor (Ubuntu)
Invalid
Undecided
Unassigned
vidalia (Ubuntu)
Won't Fix
Undecided
Unassigned

Bug Description

Iǘe just installed vidalia and tried to start it with simpe user rights, which is allowed to start vidalia during istallation/configuration dialog.

Thats not working and the vidalia log says:

Jan 04 12:45:00.705 [Hinweis] Tor v0.2.2.35 (git-73ff13ab3cc9570d). This is experimental software. Do not rely on it for strong anonymity. (Running on Linux x86_64)
Jan 04 12:45:00.706 [Hinweis] Initialized libevent version 2.0.16-stable using method epoll. Good.
Jan 04 12:45:00.706 [Hinweis] Opening Socks listener on 127.0.0.1:9050
Jan 04 12:45:00.706 [Warnung] Could not bind to 127.0.0.1:9050: Address already in use. Is Tor already running?
Jan 04 12:45:00.706 [Warnung] /var/run/tor is not owned by this user (user, 1000) but by debian-tor (117). Perhaps you are running Tor as the wrong user?
Jan 04 12:45:00.706 [Warnung] Before Tor can create a control socket in "/var/run/tor/control", the directory "/var/run/tor" needs to exist, and to be accessible only by the user account that is running Tor. (On some Unix systems, anybody who can list a socket can conect to it, so Tor is being careful.)
Jan 04 12:45:00.706 [Warnung] Failed to parse/validate config: Failed to bind one of the listener ports.
Jan 04 12:45:00.706 [Fehler] Reading config failed--see warnings above.

So, starting terminal and use "sudo vidalia" works, but I feel a bit unhappy with runnig tor as root.

As sudoer there are no problems with tor and port binding as far as I can see.

I wide sense this affecting security. I going to enable the ckeckbox for this.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: vidalia 0.2.15-1
ProcVersionSignature: Ubuntu 3.2.0-7.13-generic 3.2.0-rc7
Uname: Linux 3.2.0-7-generic x86_64
ApportVersion: 1.90-0ubuntu1
Architecture: amd64
Date: Wed Jan 4 12:52:31 2012
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
SourcePackage: vidalia
UpgradeStatus: Upgraded to precise on 2011-12-31 (3 days ago)

Revision history for this message
Sasa Paporovic (melchiaros) wrote :
Revision history for this message
Marc Deslauriers (mdeslaur) wrote : Bug is not a security issue

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

security vulnerability: yes → no
security vulnerability: yes → no
visibility: private → public
visibility: private → public
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in tor (Ubuntu):
status: New → Confirmed
Changed in vidalia (Ubuntu):
status: New → Confirmed
Revision history for this message
Linuxexperte (andrea-koeth) wrote :

hi people,

I just installed the deb-repository from this project-group here:

https://www.torproject.org/docs/debian.html.en

I did everything according to their instruction and ran into the exactly same thing.

I also get the same error-messages as stated above. Also doeing these steps from here:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642223

did not do the trick. So my question is: how to manage it, to run vidalia as normal user?? Also doeing the things stated in the manual also did not help anything. Does anybody have a solution?? The thing is: I do not really want to run it as root! And I am also not willing to set up a root-account only for this, because this would cause a real security-issue!!

Greetings
Linuxexperte

Revision history for this message
Linuxexperte (andrea-koeth) wrote :

hi people,

I searched onwards yesterday and found the solution to this thing. How to get this working again as user?

OK, do the following steps:

1. first open your Terminal and enter this command:

sudo chown debian-tor /etc/tor -R

2. Then follows this command in your Terminal:

sudo update-rc.d -f tor remove

3. Then follows this Terminal-command:

sudo pkill -x tor

4. Then close your Terminal and restart your system.

Question: why are these steps necessary?
The reason is, because as soon, as you install vidalia, it starts a hidden daemon and this starts the vidalia-process. So if you want to start vidalia manually, the user does not know about this hidden process. And before one can start this thing manually as user, this hidden process needs to be stopped!

5. As soon as you are back on your desktop, go to your menu and open your vidalia-settings. There you know have to open
this control-port.

More information, you will find here:

http://wiki.ubuntuusers.de/Vidalia?highlight=vidalia#Zugriffsrechte-auf-Tor-Konfiguration

On this site, scroll down nearly until the end until the header "Tor already runs, but got stopped unexpectedly". There you will finde more information about this. There this bug is already described.

But: the truth is: you do no longer need this package, because the developer-group had launched a new Tor-Bundle, which already contains vidalia.

For installing this new Tor-Bundle, follow the instruction from here:

http://www.youtube.com/watch?v=6UBb3BTthJc

I did this instruction in Cinnamon and I can confirm, that this works out in Cinnamon.

Then after having done this instruction from the video, go back to your menue and start Tor-browser. This immediatelly launches vidalia and please wait a bit until vidalia automaticly starts Tor-Browser.

And what the good thing is: all Add-ons from Firefox also work in Tor-Browser, because Tor-Browser itself is based on Firefox.

So this instruction-steps solve up this issue and this bug can be closed.

Revision history for this message
Eugene (varnav) wrote :

I confirm this. Vidalia, if installed, will not work without some complicated configuration steps.
Steps are described here:
http://www.noobrescue.com/blog/vidalia-detected-that-the-tor-software-exited-unexpectedly

But it's absolutely user unfriendly. These days, when we now know about PRISM, tor and vidalia are very important.

Revision history for this message
Linuxexperte (andrea-koeth) wrote : Re: [Bug 911723] Re: vidalia 0.2.15-1 is not able to start tor without root priviledges

Am 30.07.2013 15:59, schrieb Eugene:
> I confirm this. Vidalia, if installed, will not work without some complicated configuration steps.
> Steps are described here:
> http://www.noobrescue.com/blog/vidalia-detected-that-the-tor-software-exited-unexpectedly
>
> But it's absolutely user unfriendly. These days, when we now know about
> PRISM, tor and vidalia are very important.
>
 hi Eugene,

Vidalia as well as TrueCrypt are no longer secure. The NSA already had
the general keys to crack the
encryption of Vidalia and TOR as well as of TrueCrypt. TrueCrypt is a
us-Program and has backdoors for
the us-secret-services.

And the NSA is also already in Linux. Have you ever heard about
SE-Linux? If not, then look here:

http://www.nsa.gov/research/selinux/

Or also inside your Synaptics. So these encryptions are no longer secure
as the NSA owns the general keys
and is in this way able to read and enter all our files inside our
computers, Smartphones, Tablets and Notebooks.
So TOR and all these encrypted communications are no longer secure.
That's the real problem behind it.

So I think, the best way is, to invent a completely new encryption,
which the NSA could not hack. And the other thing is
that NSA is already boosting up its serverfarms with new datacenters in
Utah with a capacity or more than 5 Zettabyte
(that's about 5 Millions harddiscs of 1 Terabyte!)!!

Greetings
Linuxexperte

Revision history for this message
Tiago Faria (gouki) wrote : Re: [Bug 911723] Re: vidalia 0.2.15-1 is not able to start tor without root priviledges
Download full text (4.3 KiB)

ROFL! Thank you for that Expert.

I'm gonna go now, I'm inventing a new encryption. TTYL.

Tiago (<email address hidden>)
-----Original Message-----
From: Linuxexperte <email address hidden>
Sender: <email address hidden>
Date: Tue, 30 Jul 2013 16:54:37
To: <email address hidden>
Reply-To: Bug 911723 <email address hidden>
Subject: Re: [Bug 911723] Re: vidalia 0.2.15-1 is not able to start tor
 without root priviledges

Am 30.07.2013 15:59, schrieb Eugene:
> I confirm this. Vidalia, if installed, will not work without some complicated configuration steps.
> Steps are described here:
> http://www.noobrescue.com/blog/vidalia-detected-that-the-tor-software-exited-unexpectedly
>
> But it's absolutely user unfriendly. These days, when we now know about
> PRISM, tor and vidalia are very important.
>
 hi Eugene,

Vidalia as well as TrueCrypt are no longer secure. The NSA already had
the general keys to crack the
encryption of Vidalia and TOR as well as of TrueCrypt. TrueCrypt is a
us-Program and has backdoors for
the us-secret-services.

And the NSA is also already in Linux. Have you ever heard about
SE-Linux? If not, then look here:

http://www.nsa.gov/research/selinux/

Or also inside your Synaptics. So these encryptions are no longer secure
as the NSA owns the general keys
and is in this way able to read and enter all our files inside our
computers, Smartphones, Tablets and Notebooks.
So TOR and all these encrypted communications are no longer secure.
That's the real problem behind it.

So I think, the best way is, to invent a completely new encryption,
which the NSA could not hack. And the other thing is
that NSA is already boosting up its serverfarms with new datacenters in
Utah with a capacity or more than 5 Zettabyte
(that's about 5 Millions harddiscs of 1 Terabyte!)!!

Greetings
Linuxexperte

--
You received this bug notification because you are subscribed to tor in
Ubuntu.
https://bugs.launchpad.net/bugs/911723

Title:
  vidalia 0.2.15-1 is not able to start tor without root priviledges

Status in “tor” package in Ubuntu:
  Confirmed
Status in “vidalia” package in Ubuntu:
  Confirmed

Bug description:
  Iǘe just installed vidalia and tried to start it with simpe user
  rights, which is allowed to start vidalia during
  istallation/configuration dialog.

  Thats not working and the vidalia log says:

  Jan 04 12:45:00.705 [Hinweis] Tor v0.2.2.35 (git-73ff13ab3cc9570d). This is experimental software. Do not rely on it for strong anonymity. (Running on Linux x86_64)
  Jan 04 12:45:00.706 [Hinweis] Initialized libevent version 2.0.16-stable using method epoll. Good.
  Jan 04 12:45:00.706 [Hinweis] Opening Socks listener on 127.0.0.1:9050
  Jan 04 12:45:00.706 [Warnung] Could not bind to 127.0.0.1:9050: Address already in use. Is Tor already running?
  Jan 04 12:45:00.706 [Warnung] /var/run/tor is not owned by this user (user, 1000) but by debian-tor (117). Perhaps you are running Tor as the wrong user?
  Jan 04 12:45:00.706 [Warnung] Before Tor can create a control socket in "/var/run/tor/control", the directory "/var/run/tor" needs to exist, and to be accessible onl...

Read more...

Revision history for this message
Luís Infante da Câmara (luis220413) wrote :

This is not a bug in Tor but in Vidalia, that was removed from the archive in 2015.

Changed in tor (Ubuntu):
status: Confirmed → Invalid
Unit 193 (unit193)
Changed in vidalia (Ubuntu):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.