[Pkg-privacy-maintainers] Bug#1125775: torsocks: library not in search path, leaks user IP to endpoint

cacin at allfreemail.net cacin at allfreemail.net
Sat Jan 17 09:44:44 GMT 2026


Package: torsocks
Version: 2.5.0-1
Severity: critical
Tags: security
Justification: breaks unrelated software
X-Debbugs-Cc: cacin at allfreemail.net, Debian Security Team <team at security.debian.org>

No AI was used at any stage of this bugreport.

Installing torsocks, when all the libraries it depends on (except libtorsocks)
are already installed, results in a non-working torsocks. Due to the nature of
what torsocks is used for, this is security-related. Additionally, non-working
torsocks breaks the expected functionality of unrelated packages.

There are many ways in which torsocks can fail or not work, but they are either
well-known or documented (e.g. torsocks does not work with Go-based programs),
and fixing that would require extensive changes, but that is not the point of
this bugreport.

There exists a serious bug in the packaging of torsocks, meaning not with
torsocks itself, but with how torsocks is being installed by the Debian
package.

On Debian 13 (trixie), torsocks has the following dependencies, and all of the
listed libraries (except libtorsocks) are already installed on a default Debian
13 installation with Xfce as the desktop environment:
```
$ apt depends torsocks libtorsocks tor
torsocks
  Depends: libtorsocks (>= 2.5.0-1)
  Depends: libtorsocks (<< 2.5.0-1.1~)
  Recommends: tor
libtorsocks
  Depends: libc6 (>= 2.38)
  Breaks: torsocks (<< 2.4.0-3)
  Recommends: torsocks
  Replaces: torsocks (<< 2.4.0-3)
tor
  Depends: libc6 (>= 2.38)
  Depends: libcap2 (>= 1:2.10)
  Depends: libevent-2.1-7t64 (>= 2.1.8-stable)
  Depends: liblzma5 (>= 5.1.1alpha+20120614)
  Depends: libseccomp2 (>= 0.0.0~20120605)
  Depends: libssl3t64 (>= 3.0.0)
  Depends: libsystemd0
  Depends: libzstd1 (>= 1.5.5)
  Depends: zlib1g (>= 1:1.1.4)
  Depends: adduser
  Depends: runit-helper (>= 2.14.0~)
  Depends: lsb-base
    sysvinit-utils
  Conflicts: <libssl0.9.8> (<< 0.9.8g-9)
  Breaks: runit (<< 2.1.2-51~)
  Recommends: logrotate
  Recommends: tor-geoipdb
  Recommends: torsocks
```

Installing torsocks on such a system will not install any new libraries (except
libtorsocks):
```
# apt -V install torsocks
Installing:
   torsocks (2.5.0-1)

Installing dependencies:
   libtorsocks (2.5.0-1)
   tor (0.4.8.16-1)
   tor-geoipdb (0.4.8.16-1)

Suggested packages:
   mixmaster
   torbrowser-launcher (0.3.7-3)
   socat (1.8.0.3-1)
   apparmor-utils (4.1.0-1)
   nyx (2.1.0-3)
   obfs4proxy (0.0.14-2+b5)

Summary:
  Upgrading: 0, Installing: 4, Removing: 0, Not Upgrading: 3
  Download size: 4563 kB
  Space needed: 26.6 MB / 7590 MB available

Continue? [Y/n] y
Get:1 http://deb.debian.org/debian trixie/main amd64 libtorsocks amd64 2.5.0-1 [67.5 kB]
Get:2 http://deb.debian.org/debian trixie/main amd64 tor amd64 0.4.8.16-1 [2054 kB]
Get:3 http://deb.debian.org/debian trixie/main amd64 tor-geoipdb all 0.4.8.16-1 [2413 kB]
Get:4 http://deb.debian.org/debian trixie/main amd64 torsocks all 2.5.0-1 [27.6 kB]
Fetched 4563 kB in 0s (31.4 MB/s)
Selecting previously unselected package libtorsocks:amd64.
(Reading database ... 103713 files and directories currently installed.)
Preparing to unpack .../libtorsocks_2.5.0-1_amd64.deb ...
Unpacking libtorsocks:amd64 (2.5.0-1) ...
Selecting previously unselected package tor.
Preparing to unpack .../tor_0.4.8.16-1_amd64.deb ...
Unpacking tor (0.4.8.16-1) ...
Selecting previously unselected package tor-geoipdb.
Preparing to unpack .../tor-geoipdb_0.4.8.16-1_all.deb ...
Unpacking tor-geoipdb (0.4.8.16-1) ...
Selecting previously unselected package torsocks.
Preparing to unpack .../torsocks_2.5.0-1_all.deb ...
Unpacking torsocks (2.5.0-1) ...
Setting up tor (0.4.8.16-1) ...
Something or somebody made /var/lib/tor disappear.
Creating one for you again.
Something or somebody made /var/log/tor disappear.
Creating one for you again.
Created symlink '/etc/systemd/system/multi-user.target.wants/tor.service' → '/usr/lib/systemd/system/tor.service'.
Setting up libtorsocks:amd64 (2.5.0-1) ...
Setting up tor-geoipdb (0.4.8.16-1) ...
Setting up torsocks (2.5.0-1) ...
Processing triggers for man-db (2.13.1-1) ...
```

Attempting to run torsocks right after installing it results in it failing:
```
$ torsocks /bin/true
ERROR: ld.so: object 'libtorsocks.so' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.
```

The reason why this bug is serious is because a user might attempt to run
torsocks immediately after installing it, relying on sending the data through
the tor network instead of through their regular internet connection, and thus
the user's IP address is revealed to the endpoint:
```
$ torsocks curl https://check.torproject.org/api/ip
ERROR: ld.so: object 'libtorsocks.so' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.
{"IsTor":false,"IP":"<redacted real IP address>"}
```

Running strace reveals that libtorsocks.so is not found, because it is located
in the /usr/lib/x86_64-linux-gnu/torsocks/ directory, and that directory is not
being searched:
```
$ strace -e openat,newfstatat torsocks /bin/true
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
newfstatat(AT_FDCWD, "/home/user", {st_mode=S_IFDIR|0700, st_size=4096, ...}, 0) = 0
newfstatat(AT_FDCWD, ".", {st_mode=S_IFDIR|0700, st_size=4096, ...}, 0) = 0
openat(AT_FDCWD, "/usr/bin/torsocks", O_RDONLY) = 3
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1191, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1193, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1197, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1203, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1204, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1205, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
newfstatat(AT_FDCWD, "/bin/true", {st_mode=S_IFREG|0755, st_size=43432, ...}, 0) = 0
newfstatat(AT_FDCWD, "/bin/true", {st_mode=S_IFREG|0755, st_size=43432, ...}, 0) = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/libtorsocks.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/", 0x7ffe2ac4b250, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libtorsocks.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/x86_64-linux-gnu/", {st_mode=S_IFDIR|0755, st_size=94208, ...}, 0) = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/libtorsocks.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/", 0x7ffe2ac4b250, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libtorsocks.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/", {st_mode=S_IFDIR|0755, st_size=94208, ...}, 0) = 0
openat(AT_FDCWD, "/lib/glibc-hwcaps/x86-64-v2/libtorsocks.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/glibc-hwcaps/x86-64-v2/", 0x7ffe2ac4b250, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/libtorsocks.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0
openat(AT_FDCWD, "/usr/lib/glibc-hwcaps/x86-64-v2/libtorsocks.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/glibc-hwcaps/x86-64-v2/", 0x7ffe2ac4b250, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/libtorsocks.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0
ERROR: ld.so: object 'libtorsocks.so' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
+++ exited with 0 +++
```

Checking which libraries are cached in /etc/ld.so.cache shows that there is no
mention of libtorsocks:
```
$ /sbin/ldconfig -p | grep libtorsocks
[no output here]
```

Regenerating the /etc/ld.so.cache and checking for presence of libtorsocks
again:
```
# ldconfig
$ /sbin/ldconfig -p | grep libtorsocks
        libtorsocks.so.0 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/torsocks/libtorsocks.so.0
        libtorsocks.so (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/torsocks/libtorsocks.so
```

Running strace again shows that libtorsocks.so is immediately found:
```
$ strace -e openat,newfstatat torsocks /bin/true
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
newfstatat(AT_FDCWD, "/home/user", {st_mode=S_IFDIR|0700, st_size=4096, ...}, 0) = 0
newfstatat(AT_FDCWD, ".", {st_mode=S_IFDIR|0700, st_size=4096, ...}, 0) = 0
openat(AT_FDCWD, "/usr/bin/torsocks", O_RDONLY) = 3
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2752, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2754, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2758, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2764, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2765, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2766, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
newfstatat(AT_FDCWD, "/bin/true", {st_mode=S_IFREG|0755, st_size=43432, ...}, 0) = 0
newfstatat(AT_FDCWD, "/bin/true", {st_mode=S_IFREG|0755, st_size=43432, ...}, 0) = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/torsocks/libtorsocks.so", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/etc/tor/torsocks.conf", O_RDONLY) = 3
+++ exited with 0 +++
```

Running torsocks again after regenerating the cache makes the error message
disappear and torsocks works fine; the IP address is the address of the tor
exit node instead of the IP address of the user:
```
$ torsocks curl https://check.torproject.org/api/ip
{"IsTor":true,"IP":"185.220.101.13"}
```

For comparison, if torsocks is installed on a system that doesn't have all the
libraries already, such as on a headless system with no desktop environment:
```
# sudo apt -V install torsocks
Installing:
   torsocks (2.5.0-1)

Installing dependencies:
   libevent-2.1-7t64 (2.1.12-stable-10+b1)
   libtorsocks (2.5.0-1)
   tor (0.4.8.16-1)
   tor-geoipdb (0.4.8.16-1)

Suggested packages:
   mixmaster
   torbrowser-launcher (0.3.7-3)
   socat (1.8.0.3-1)
   apparmor-utils (4.1.0-1)
   nyx (2.1.0-3)
   obfs4proxy (0.0.14-2+b5)

Summary:
  Upgrading: 0, Installing: 5, Removing: 0, Not Upgrading: 0
  Download size: 4744 kB
  Space needed: 27.0 MB / 10.5 GB available

Continue? [Y/n] y
Get:1 http://deb.debian.org/debian trixie/main amd64 libevent-2.1-7t64 amd64 2.1.12-stable-10+b1 [182 kB]
Get:2 http://deb.debian.org/debian trixie/main amd64 libtorsocks amd64 2.5.0-1 [67.5 kB]
Get:3 http://deb.debian.org/debian trixie/main amd64 tor amd64 0.4.8.16-1 [2054 kB]
Get:4 http://deb.debian.org/debian trixie/main amd64 tor-geoipdb all 0.4.8.16-1 [2413 kB]
Get:5 http://deb.debian.org/debian trixie/main amd64 torsocks all 2.5.0-1 [27.6 kB]
Fetched 4744 kB in 0s (37.6 MB/s)
Selecting previously unselected package libevent-2.1-7t64:amd64.
(Reading database ... 28823 files and directories currently installed.)
Preparing to unpack .../libevent-2.1-7t64_2.1.12-stable-10+b1_amd64.deb ...
Unpacking libevent-2.1-7t64:amd64 (2.1.12-stable-10+b1) ...
Selecting previously unselected package libtorsocks:amd64.
Preparing to unpack .../libtorsocks_2.5.0-1_amd64.deb ...
Unpacking libtorsocks:amd64 (2.5.0-1) ...
Selecting previously unselected package tor.
Preparing to unpack .../tor_0.4.8.16-1_amd64.deb ...
Unpacking tor (0.4.8.16-1) ...
Selecting previously unselected package tor-geoipdb.
Preparing to unpack .../tor-geoipdb_0.4.8.16-1_all.deb ...
Unpacking tor-geoipdb (0.4.8.16-1) ...
Selecting previously unselected package torsocks.
Preparing to unpack .../torsocks_2.5.0-1_all.deb ...
Unpacking torsocks (2.5.0-1) ...
Setting up libevent-2.1-7t64:amd64 (2.1.12-stable-10+b1) ...
Setting up tor (0.4.8.16-1) ...
Something or somebody made /var/lib/tor disappear.
Creating one for you again.
Something or somebody made /var/log/tor disappear.
Creating one for you again.
Created symlink '/etc/systemd/system/multi-user.target.wants/tor.service' → '/usr/lib/systemd/system/tor.service'.
Setting up libtorsocks:amd64 (2.5.0-1) ...
Setting up tor-geoipdb (0.4.8.16-1) ...
Setting up torsocks (2.5.0-1) ...
Processing triggers for man-db (2.13.1-1) ...
Processing triggers for libc-bin (2.41-12+deb13u1) ...
```

Notice the last line of that log: "Processing triggers for libc-bin (2.41-12+deb13u1) ...".
This line was missing when installing torsocks on Debian 13 with Xfce.

This line is emitted in this instance because the libevent-2.1-7t64 library was
not installed on the system before attempting to install torsocks, and
installing it led to the regeneration of /etc/ld.so.cache, and because the cache
is regenerated, libtorsocks is found:
```
$ /sbin/ldconfig -p | grep libtorsocks
        libtorsocks.so.0 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/torsocks/libtorsocks.so.0
        libtorsocks.so (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/torsocks/libtorsocks.so
```

And torsocks immediately works after installing it, with no error message, and
the IP address is the IP of the tor exit node, not the user.
```
$ torsocks curl https://check.torproject.org/api/ip
{"IsTor":true,"IP":"107.189.3.94"}
```

This problem did not exist on Debian 12 (bookworm). It was introduced in
torsocks 2.5.0-1; I see a few mentions in the changelog [1] for that version
about how the library is packaged. Most suspect are the changes to the
debian/rules file [2].

ldconfig has to be run as part of the package installation, or the libtorsocks
package has to be changed to somehow make the system know to regenerate the
library cache.

Some users will accidentally avoid the problem, if they install some package
that installs libraries to the system, after installing torsocks, if that leads
to the library cache regeneration.

By the way, torsocks is one of the 3 packages (fakechroot, fakeroot, torsocks)
in all of Debian that have the Lintian tag: package-modifies-ld.so-search-path
and unlike fakechroot, it is not overridden [3].

As a final note I am aware of at least one system that has an automated script
that installs torsocks, checks if the installation succeeded, checks if the tor
service is running, and tries to send some data through torsocks immediately
afterwards. This has led to revealing the IP address of that system to the
endpoint. So the bug is not just a theoretical problem.

[1] https://tracker.debian.org/media/packages/t/torsocks/changelog-2.5.0-1
[2] https://salsa.debian.org/pkg-privacy-team/torsocks/-/commits/debian/2.5.0-1/debian/rules
[3] https://udd.debian.org/lintian-tag/package-modifies-ld.so-search-path?affected=yes


-- System Information:
Debian Release: 13.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.63+deb13-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages torsocks depends on:
ii  libtorsocks  2.5.0-1

Versions of packages torsocks recommends:
ii  tor  0.4.8.16-1

torsocks suggests no packages.

-- no debconf information
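
Added example (not part of the original report and not code from the torsocks package): a fail-closed guard for automated scripts of the kind described in the final note, which refuses to run a command when ld.so has ignored the preload. The function names are hypothetical; the library name, the ld.so message text and the /sbin/ldconfig path are taken from the report.

```shell
#!/bin/sh
# Fail-closed guard for scripts that send traffic through torsocks.
# LIB_NAME and the ld.so message come from the report; function names are hypothetical.
LIB_NAME='libtorsocks.so'

# stdin: `ldconfig -p` output. Succeeds only on an exact name match, since the
# preload in the report is requested by the name libtorsocks.so.
cache_lists_lib() {
    awk -v lib="$LIB_NAME" '$1 == lib { found = 1 } END { exit !found }'
}

# stdin: captured stderr. Succeeds if ld.so said it ignored the preload.
preload_was_ignored() {
    grep -qF "object '$LIB_NAME' from LD_PRELOAD cannot be preloaded"
}

# Probe with a harmless command. The exit status cannot be trusted: the
# strace run in the report ends with "exited with 0" despite the error,
# so the decision is made on what ld.so wrote to stderr.
torsocks_preflight() {
    command -v torsocks >/dev/null 2>&1 || { echo "torsocks not found" >&2; return 2; }
    probe_err=$(torsocks /bin/true 2>&1 >/dev/null) || return 1
    if printf '%s\n' "$probe_err" | preload_was_ignored; then
        # Diagnostic only: point at the stale cache if that is the cause.
        if ! /sbin/ldconfig -p 2>/dev/null | cache_lists_lib; then
            echo "hint: $LIB_NAME is not in /etc/ld.so.cache; run ldconfig as root" >&2
        fi
        return 1
    fi
    return 0
}

# Run "$@" under torsocks only when the preflight passes.
torsocks_guarded() {
    torsocks_preflight || { echo "refusing to run: traffic would not go through Tor" >&2; return 1; }
    torsocks "$@"
}
```

A script would call `torsocks_guarded curl ...` in place of `torsocks curl ...`, so that a stale library cache stops the request instead of sending it over the regular connection.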

