[Pkg-privacy-maintainers] Bug#1125775: torsocks: library not in search path, leaks user IP to endpoint

Salvatore Bonaccorso carnil at debian.org
Sat Jan 17 11:04:50 GMT 2026


Hi,

[not the maintainers here, but I'm adding intrigeri as well explicitly
for input on the change below, and this is only a preliminary cursory
look after it was raised in #debian-security IRC channel]

On Sat, Jan 17, 2026 at 09:44:44AM +0000, cacin at allfreemail.net wrote:
> Package: torsocks
> Version: 2.5.0-1
> Severity: critical
> Tags: security
> Justification: breaks unrelated software
> X-Debbugs-Cc: cacin at allfreemail.net, Debian Security Team <team at security.debian.org>
> 
> No AI was used at any stage of this bugreport.
> 
> Installing torsocks, when all the libraries it depends on (except libtorsocks)
> are already installed, results in a non-working torsocks. Due to the nature of
> what torsocks is used for, this is security-related. Additionally, non-working
> torsocks breaks the expected functionality of unrelated packages.
> 
> There are many ways in which torsocks can fail or not work, but they are either
> well-known or documented (e.g. torsocks does not work with go-based programs),
> and fixing that would require extensive changes, but that is not the point of
> this bugreport.
> 
> There exists a serious bug in the packaging of torsocks, meaning not with
> torsocks itself, but with how torsocks is being installed by the debian
> package.
> 
> On debian 13 (trixie), torsocks has the following dependencies, and all of the
> listed libraries (except libtorsocks) are already installed on a default debian
> 13 installation with xfce as the desktop environment:
> ```
> $ apt depends torsocks libtorsocks tor
> torsocks
>   Depends: libtorsocks (>= 2.5.0-1)
>   Depends: libtorsocks (<< 2.5.0-1.1~)
>   Recommends: tor
> libtorsocks
>   Depends: libc6 (>= 2.38)
>   Breaks: torsocks (<< 2.4.0-3)
>   Recommends: torsocks
>   Replaces: torsocks (<< 2.4.0-3)
> tor
>   Depends: libc6 (>= 2.38)
>   Depends: libcap2 (>= 1:2.10)
>   Depends: libevent-2.1-7t64 (>= 2.1.8-stable)
>   Depends: liblzma5 (>= 5.1.1alpha+20120614)
>   Depends: libseccomp2 (>= 0.0.0~20120605)
>   Depends: libssl3t64 (>= 3.0.0)
>   Depends: libsystemd0
>   Depends: libzstd1 (>= 1.5.5)
>   Depends: zlib1g (>= 1:1.1.4)
>   Depends: adduser
>   Depends: runit-helper (>= 2.14.0~)
>   Depends: lsb-base
>     sysvinit-utils
>   Conflicts: <libssl0.9.8> (<< 0.9.8g-9)
>   Breaks: runit (<< 2.1.2-51~)
>   Recommends: logrotate
>   Recommends: tor-geoipdb
>   Recommends: torsocks
> ```
> 
> Installing torsocks on such a system will not install any new libraries (except
> libtorsocks):
> ```
> # apt -V install torsocks
> Installing:
>    torsocks (2.5.0-1)
> 
> Installing dependencies:
>    libtorsocks (2.5.0-1)
>    tor (0.4.8.16-1)
>    tor-geoipdb (0.4.8.16-1)
> 
> Suggested packages:
>    mixmaster
>    torbrowser-launcher (0.3.7-3)
>    socat (1.8.0.3-1)
>    apparmor-utils (4.1.0-1)
>    nyx (2.1.0-3)
>    obfs4proxy (0.0.14-2+b5)
> 
> Summary:
>   Upgrading: 0, Installing: 4, Removing: 0, Not Upgrading: 3
>   Download size: 4563 kB
>   Space needed: 26.6 MB / 7590 MB available
> 
> Continue? [Y/n] y
> Get:1 http://deb.debian.org/debian trixie/main amd64 libtorsocks amd64 2.5.0-1 [67.5 kB]
> Get:2 http://deb.debian.org/debian trixie/main amd64 tor amd64 0.4.8.16-1 [2054 kB]
> Get:3 http://deb.debian.org/debian trixie/main amd64 tor-geoipdb all 0.4.8.16-1 [2413 kB]
> Get:4 http://deb.debian.org/debian trixie/main amd64 torsocks all 2.5.0-1 [27.6 kB]
> Fetched 4563 kB in 0s (31.4 MB/s)
> Selecting previously unselected package libtorsocks:amd64.
> (Reading database ... 103713 files and directories currently installed.)
> Preparing to unpack .../libtorsocks_2.5.0-1_amd64.deb ...
> Unpacking libtorsocks:amd64 (2.5.0-1) ...
> Selecting previously unselected package tor.
> Preparing to unpack .../tor_0.4.8.16-1_amd64.deb ...
> Unpacking tor (0.4.8.16-1) ...
> Selecting previously unselected package tor-geoipdb.
> Preparing to unpack .../tor-geoipdb_0.4.8.16-1_all.deb ...
> Unpacking tor-geoipdb (0.4.8.16-1) ...
> Selecting previously unselected package torsocks.
> Preparing to unpack .../torsocks_2.5.0-1_all.deb ...
> Unpacking torsocks (2.5.0-1) ...
> Setting up tor (0.4.8.16-1) ...
> Something or somebody made /var/lib/tor disappear.
> Creating one for you again.
> Something or somebody made /var/log/tor disappear.
> Creating one for you again.
> Created symlink '/etc/systemd/system/multi-user.target.wants/tor.service' → '/usr/lib/systemd/system/tor.service'.
> Setting up libtorsocks:amd64 (2.5.0-1) ...
> Setting up tor-geoipdb (0.4.8.16-1) ...
> Setting up torsocks (2.5.0-1) ...
> Processing triggers for man-db (2.13.1-1) ...
> ```
> 
> Attempting to run torsocks right after installing it results in it failing:
> ```
> $ torsocks /bin/true
> ERROR: ld.so: object 'libtorsocks.so' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.
> ```
> 
> The reason why this bug is serious is because a user might attempt to run
> torsocks immediately after installing it, relying on sending the data through
> the tor network instead of through their regular internet connection, and thus
> the user's IP address is revealed to the endpoint:
> ```
> $ torsocks curl https://check.torproject.org/api/ip
> ERROR: ld.so: object 'libtorsocks.so' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.
> {"IsTor":false,"IP":"<redacted real IP address>"}
> ```
> 
> Running strace reveals that libtorsocks.so is not found, because it is located
> in the /usr/lib/x86_64-linux-gnu/torsocks/ directory, and that directory is not
> being searched:
> ```
> $ strace -e openat,newfstatat torsocks /bin/true
> openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
> openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
> newfstatat(AT_FDCWD, "/home/user", {st_mode=S_IFDIR|0700, st_size=4096, ...}, 0) = 0
> newfstatat(AT_FDCWD, ".", {st_mode=S_IFDIR|0700, st_size=4096, ...}, 0) = 0
> openat(AT_FDCWD, "/usr/bin/torsocks", O_RDONLY) = 3
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1191, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1193, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1197, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1203, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1204, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1205, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
> newfstatat(AT_FDCWD, "/bin/true", {st_mode=S_IFREG|0755, st_size=43432, ...}, 0) = 0
> newfstatat(AT_FDCWD, "/bin/true", {st_mode=S_IFREG|0755, st_size=43432, ...}, 0) = 0
> openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
> openat(AT_FDCWD, "/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/libtorsocks.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> newfstatat(AT_FDCWD, "/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/", 0x7ffe2ac4b250, 0) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libtorsocks.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> newfstatat(AT_FDCWD, "/lib/x86_64-linux-gnu/", {st_mode=S_IFDIR|0755, st_size=94208, ...}, 0) = 0
> openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/libtorsocks.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> newfstatat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/", 0x7ffe2ac4b250, 0) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libtorsocks.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> newfstatat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/", {st_mode=S_IFDIR|0755, st_size=94208, ...}, 0) = 0
> openat(AT_FDCWD, "/lib/glibc-hwcaps/x86-64-v2/libtorsocks.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> newfstatat(AT_FDCWD, "/lib/glibc-hwcaps/x86-64-v2/", 0x7ffe2ac4b250, 0) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/lib/libtorsocks.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> newfstatat(AT_FDCWD, "/lib/", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0
> openat(AT_FDCWD, "/usr/lib/glibc-hwcaps/x86-64-v2/libtorsocks.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> newfstatat(AT_FDCWD, "/usr/lib/glibc-hwcaps/x86-64-v2/", 0x7ffe2ac4b250, 0) = -1 ENOENT (No such file or directory)
> openat(AT_FDCWD, "/usr/lib/libtorsocks.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
> newfstatat(AT_FDCWD, "/usr/lib/", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0
> ERROR: ld.so: object 'libtorsocks.so' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.
> openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
> +++ exited with 0 +++
> ```
> 
> Checking which libraries are cached in /etc/ld.so.cache shows that there is no
> mention of libtorsocks:
> ```
> $ /sbin/ldconfig -p | grep libtorsocks
> [no output here]
> ```
> 
> Regenerating the /etc/ld.so.cache and checking for presence of libtorsocks
> again:
> ```
> # ldconfig
> $ /sbin/ldconfig -p | grep libtorsocks
>         libtorsocks.so.0 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/torsocks/libtorsocks.so.0
>         libtorsocks.so (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/torsocks/libtorsocks.so
> ```
> 
> Running strace again shows that libtorsocks.so is immediately found:
> ```
> $ strace -e openat,newfstatat torsocks /bin/true
> openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
> openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
> newfstatat(AT_FDCWD, "/home/user", {st_mode=S_IFDIR|0700, st_size=4096, ...}, 0) = 0
> newfstatat(AT_FDCWD, ".", {st_mode=S_IFDIR|0700, st_size=4096, ...}, 0) = 0
> openat(AT_FDCWD, "/usr/bin/torsocks", O_RDONLY) = 3
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2752, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2754, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2758, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2764, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2765, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
> --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2766, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
> newfstatat(AT_FDCWD, "/bin/true", {st_mode=S_IFREG|0755, st_size=43432, ...}, 0) = 0
> newfstatat(AT_FDCWD, "/bin/true", {st_mode=S_IFREG|0755, st_size=43432, ...}, 0) = 0
> openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
> openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/torsocks/libtorsocks.so", O_RDONLY|O_CLOEXEC) = 3
> openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
> openat(AT_FDCWD, "/etc/tor/torsocks.conf", O_RDONLY) = 3
> +++ exited with 0 +++
> ```
> 
> Running torsocks again after regenerating the cache makes the error message
> disappear and torsocks works fine, the IP address is the address of the tor
> exit node instead of the IP address of the user:
> ```
> $ torsocks curl https://check.torproject.org/api/ip
> {"IsTor":true,"IP":"185.220.101.13"}
> ```
> 
> For comparison, if torsocks is installed on a system that doesn't have all the
> libraries already, such as on a headless system with no desktop environment:
> ```
> # sudo apt -V install torsocks
> Installing:
>    torsocks (2.5.0-1)
> 
> Installing dependencies:
>    libevent-2.1-7t64 (2.1.12-stable-10+b1)
>    libtorsocks (2.5.0-1)
>    tor (0.4.8.16-1)
>    tor-geoipdb (0.4.8.16-1)
> 
> Suggested packages:
>    mixmaster
>    torbrowser-launcher (0.3.7-3)
>    socat (1.8.0.3-1)
>    apparmor-utils (4.1.0-1)
>    nyx (2.1.0-3)
>    obfs4proxy (0.0.14-2+b5)
> 
> Summary:
>   Upgrading: 0, Installing: 5, Removing: 0, Not Upgrading: 0
>   Download size: 4744 kB
>   Space needed: 27.0 MB / 10.5 GB available
> 
> Continue? [Y/n] y
> Get:1 http://deb.debian.org/debian trixie/main amd64 libevent-2.1-7t64 amd64 2.1.12-stable-10+b1 [182 kB]
> Get:2 http://deb.debian.org/debian trixie/main amd64 libtorsocks amd64 2.5.0-1 [67.5 kB]
> Get:3 http://deb.debian.org/debian trixie/main amd64 tor amd64 0.4.8.16-1 [2054 kB]
> Get:4 http://deb.debian.org/debian trixie/main amd64 tor-geoipdb all 0.4.8.16-1 [2413 kB]
> Get:5 http://deb.debian.org/debian trixie/main amd64 torsocks all 2.5.0-1 [27.6 kB]
> Fetched 4744 kB in 0s (37.6 MB/s)
> Selecting previously unselected package libevent-2.1-7t64:amd64.
> (Reading database ... 28823 files and directories currently installed.)
> Preparing to unpack .../libevent-2.1-7t64_2.1.12-stable-10+b1_amd64.deb ...
> Unpacking libevent-2.1-7t64:amd64 (2.1.12-stable-10+b1) ...
> Selecting previously unselected package libtorsocks:amd64.
> Preparing to unpack .../libtorsocks_2.5.0-1_amd64.deb ...
> Unpacking libtorsocks:amd64 (2.5.0-1) ...
> Selecting previously unselected package tor.
> Preparing to unpack .../tor_0.4.8.16-1_amd64.deb ...
> Unpacking tor (0.4.8.16-1) ...
> Selecting previously unselected package tor-geoipdb.
> Preparing to unpack .../tor-geoipdb_0.4.8.16-1_all.deb ...
> Unpacking tor-geoipdb (0.4.8.16-1) ...
> Selecting previously unselected package torsocks.
> Preparing to unpack .../torsocks_2.5.0-1_all.deb ...
> Unpacking torsocks (2.5.0-1) ...
> Setting up libevent-2.1-7t64:amd64 (2.1.12-stable-10+b1) ...
> Setting up tor (0.4.8.16-1) ...
> Something or somebody made /var/lib/tor disappear.
> Creating one for you again.
> Something or somebody made /var/log/tor disappear.
> Creating one for you again.
> Created symlink '/etc/systemd/system/multi-user.target.wants/tor.service' → '/usr/lib/systemd/system/tor.service'.
> Setting up libtorsocks:amd64 (2.5.0-1) ...
> Setting up tor-geoipdb (0.4.8.16-1) ...
> Setting up torsocks (2.5.0-1) ...
> Processing triggers for man-db (2.13.1-1) ...
> Processing triggers for libc-bin (2.41-12+deb13u1) ...
> ```
> 
> Notice the last line of that log: "Processing triggers for libc-bin (2.41-12+deb13u1) ...".
> This line was missing when installing torsocks on debian 13 with xfce.
> 
> This line is emitted in this instance because the libevent-2.1-7t64 library was
> not installed on the system before attempting to install torsocks, and
> installing it led to the regeneration of /etc/ld.so.cache and because the cache
> is regenerated, libtorsocks is found:
> ```
> $ /sbin/ldconfig -p | grep libtorsocks
>         libtorsocks.so.0 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/torsocks/libtorsocks.so.0
>         libtorsocks.so (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/torsocks/libtorsocks.so
> ```
> 
> And torsocks immediately works after installing it, with no error message, and
> the IP address is the IP of the tor exit node, not the user.
> ```
> $ torsocks curl https://check.torproject.org/api/ip
> {"IsTor":true,"IP":"107.189.3.94"}
> ```
> 
> This problem did not exist on debian 12 (bookworm). It was introduced in
> torsocks 2.5.0-1, I see a few mentions in the changelog [1] for that version
> about how the library is packaged. Most suspect are the changes to the
> debian/rules file [2].
> 
> ldconfig has to be run as part of the package installation, or the libtorsocks
> package has to be changed to somehow make the system know to regenerate the
> library cache.
> 
> Some users will accidentally avoid the problem, if they install some package
> that installs libraries to the system, after installing torsocks, if that leads
> to the library cache regeneration.
> 
> By the way torsocks is one of the 3 packages (fakechroot, fakeroot, torsocks)
> in all of debian that has the Lintian tag: package-modifies-ld.so-search-path
> and unlike fakechroot, it is not overridden [3].
> 
> As a final note I am aware of at least one system that has an automated script
> that installs torsocks, checks if the installation succeeded, checks if the tor
> service is running, and tries to send some data through torsocks immediately
> afterwards. This has led to revealing the IP address of that system to the
> endpoint. So the bug is not just a theoretical problem.
> 
> [1] https://tracker.debian.org/media/packages/t/torsocks/changelog-2.5.0-1
> [2] https://salsa.debian.org/pkg-privacy-team/torsocks/-/commits/debian/2.5.0-1/debian/rules
> [3] https://udd.debian.org/lintian-tag/package-modifies-ld.so-search-path?affected=yes

It looks like in debian/rules the call for dh_makeshlibs is explicitly
overridden, otherwise a trigger for registering 'activate-nowait
ldconfig' would be generated. This should resolve the issue, but then
one needs to explicitly override both

E: libtorsocks: package-modifies-ld.so-search-path [etc/ld.so.conf.d/torsocks-x86_64-linux-gnu.conf]
W: libtorsocks: package-has-unnecessary-activation-of-ldconfig-trigger

because then this would be actually intended? intrigeri is this
correct?

Regards,
Salvatore
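
Added example, not part of the original message or of the torsocks packaging: a fail-closed wrapper for automated scripts like the one the report mentions. Because ld.so only warns about the missing preload and the wrapped command still exits 0, the probe inspects stderr; TORSOCKS_BIN, the function names and the exit code 111 are assumptions made for this example.

```shell
#!/bin/sh
# Added example: fail-closed torsocks wrapper (names here are assumptions).
# ld.so only warns when an LD_PRELOAD object is missing and the wrapped
# program still exits 0, so the probe inspects stderr, not the exit status.

TORSOCKS_BIN=${TORSOCKS_BIN:-torsocks}   # overridable, e.g. for testing

# preload_failed TEXT: true if TEXT holds ld.so's "preload ignored" error.
preload_failed() {
    case $1 in
        *"from LD_PRELOAD cannot be preloaded"*) return 0 ;;
        *) return 1 ;;
    esac
}

# cache_has_lib LISTING LIB: true if `ldconfig -p` output maps LIB to a path.
cache_has_lib() {
    printf '%s\n' "$1" | awk -v lib="$2" '
        $1 == lib && $(NF-1) == "=>" { found = 1 }
        END { exit !found }'
}

# torsocks_usable: probe with a harmless command; any doubt counts as failure.
torsocks_usable() {
    probe_err=$("$TORSOCKS_BIN" /bin/true 2>&1 >/dev/null) || return 1
    if preload_failed "$probe_err"; then
        return 1
    fi
    return 0
}

# run_torified CMD...: run CMD under torsocks only after the probe passes.
run_torified() {
    if ! torsocks_usable; then
        echo "refusing to run: libtorsocks was not preloaded" >&2
        listing=$(/sbin/ldconfig -p 2>/dev/null) || listing=
        cache_has_lib "$listing" libtorsocks.so ||
            echo "hint: libtorsocks.so is not in the ld.so cache" >&2
        return 111
    fi
    "$TORSOCKS_BIN" "$@"
}
```

The probe only confirms that the preload succeeded; it does not confirm that the tor service is reachable.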


