Closed JeremyRand closed 2 years ago
hlandau
commented
2 years ago Can you elaborate on the use case for exit code 0 here? I assume if a process supervised by winsvcwrap exits zero, winsvcwrap will also exit, and the Windows service manager will restart it.
Are you expecting to use winsvcwrap not under the Windows service manager, and if so, can you elaborate on what the requirements for it are?
JeremyRand
commented
2 years ago The intent is that exit code 0 from the supervised process will make winsvcwrap exit (as it does now, with a nonzero winsvcwrap exit code), so that Windows will restart it. The only issue is that I don't want the timing of that restart to be logged (assuming default logging verbosity in xlog). (Will Windows log something about the service restart anyway even if winsvcwrap doesn't? I didn't see anything in the Event Viewer when I checked but I might have missed something.)
If you think it's safer/cleaner to patch StemNS so that it reconnects instead of exiting when Tor restarts, I guess I'm okay with that -- it would help with Whonix/Tails support too, so is maybe cleaner than trying to hack winsvcwrap to restart it silently. Feel free to close this issue if you prefer that I do that.
JeremyRand
commented
2 years ago Actually yeah, I think I'll try patching StemNS. It looks like onion-grater has reference code that should do exactly what I want, and this should solve a blocker for Tails/Whonix support. I'll re-open this issue if that attempt fails.
hlandau
commented
2 years ago Sure. If you do want an option to disable this log message let me know. I'll probably make it an option.
Currently, if the spawned process exits with code 0 (success), winsvcwrap logs severity
Critical: https://github.com/hlandau/winsvcwrap/blob/c0800f931ae97f9662297b22f8c069a488209d05/main.go#L104This is a privacy leak for StemNS, which exits when Tor exits: this allows an attacker inspecting logs to determine forensically when Tor Browser was exited (which resembles the forensic data that was used against Joshua Schulte). From StemNS's perspective, I'd prefer that this be
Debugseverity (matching the other log entries that reveal when Tor Browser usage occurred), with the expectation that if the spawned process encounters some condition that needs to be logged, it will signal this via a nonzero exit code or stderr.