
Re: [tor-bugs] #18356 [Core Tor/Tor]: obfs4proxy cannot bind to <1024 port with systemd hardened service unit



#18356: obfs4proxy cannot bind to <1024 port with systemd hardened service unit
-------------------------------------------------+-------------------------
 Reporter:  irregulator                          |          Owner:  asn
     Type:  defect                               |         Status:  new
 Priority:  Low                                  |      Milestone:  Tor:
                                                 |  unspecified
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.2.7.4-rc
 Severity:  Normal                               |     Resolution:
 Keywords:  obfs4proxy, systemd, jessie, tor-pt  |  Actual Points:
Parent ID:                                       |         Points:  15
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by dcf):

 I found an [https://www.sindastra.de/p/788/obfuscate-your-tor-bridge-with-obfs4/
 obfs4 setup guide by Sindastra] that invents another way to work
 around the problem, using `chattr +i` to prevent `apt` from upgrading the
 systemd files. Some official guidance would help in preventing people from
 inventing suboptimal workarounds like this, I think.

 > Now edit the files `/lib/systemd/system/tor@default.service` and
 > `/lib/systemd/system/tor@.service` and in both files change
 > `NoNewPrivileges=yes` to `NoNewPrivileges=no` and then execute `systemctl
 > daemon-reload` to apply the changes.
 >
 > It can happen, that during an update, the Tor service files will be
 > overwritten and the modifications thus removed. This will result in the
 > proxy not functioning on the desired port anymore (if below 1024). This
 > can be fixed by marking the service files as immutable after modification,
 > like this:
 > {{{
 > sudo chattr +i /lib/systemd/system/tor@default.service
 > sudo chattr +i /lib/systemd/system/tor@.service
 > }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18356#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
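
The setting the quoted guide changes can also be carried by a systemd drop-in under /etc/systemd/system/<unit>.d/, which a package upgrade of the vendor unit file does not overwrite, so no `chattr +i` is needed. The sketch below is an added example, not part of the ticket or the quoted guide; ROOT, the function names and the simplified merge model are assumptions.

```sh
#!/bin/sh
# Added example. ROOT is a scratch directory standing in for "/" (assumption),
# so nothing on the running system is touched.

# Write a drop-in overriding NoNewPrivileges for UNIT; the vendor file under
# /lib/systemd/system stays exactly as the package shipped it.
write_dropin() {
    root=$1; unit=$2
    mkdir -p "$root/etc/systemd/system/$unit.d"
    printf '[Service]\nNoNewPrivileges=no\n' \
        > "$root/etc/systemd/system/$unit.d/override.conf"
}

# Print the effective value of KEY for UNIT. Simplified model of systemd's
# merge: vendor unit first, then drop-ins in lexical order, last one wins.
effective_value() {
    root=$1; unit=$2; key=$3
    for f in "$root/lib/systemd/system/$unit" \
             "$root/etc/systemd/system/$unit.d"/*.conf; do
        if [ -f "$f" ]; then cat "$f"; fi
    done | sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*//p" | tail -n 1
}

# Constructed demo: the package ships NoNewPrivileges=yes, an upgrade rewrites
# the vendor file, and the drop-in under /etc still applies afterwards.
demo() {
    d=$(mktemp -d) || return 1
    vendor="$d/lib/systemd/system/tor@default.service"
    mkdir -p "$d/lib/systemd/system"
    printf '[Service]\nNoNewPrivileges=yes\n' > "$vendor"
    before=$(effective_value "$d" tor@default.service NoNewPrivileges)
    write_dropin "$d" tor@default.service
    printf '[Service]\nNoNewPrivileges=yes\n' > "$vendor"   # simulated upgrade
    after=$(effective_value "$d" tor@default.service NoNewPrivileges)
    rm -rf "$d"
    echo "$before $after"
}

demo   # prints: yes no
```

On a real host ROOT is `/`; after `systemctl daemon-reload`, `systemctl show -p NoNewPrivileges tor@default.service` reports the value systemd actually applied.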