
Re: [tor-bugs] #18356 [Core Tor/Tor]: obfs4proxy cannot bind to <1024 port with systemd hardened service unit



#18356: obfs4proxy cannot bind to <1024 port with systemd hardened service unit
-------------------------------------------------+-------------------------
 Reporter:  irregulator                          |          Owner:  asn
     Type:  defect                               |         Status:  new
 Priority:  Low                                  |      Milestone:  Tor:
                                                 |  unspecified
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.2.7.6
 Severity:  Normal                               |     Resolution:
 Keywords:  obfs4proxy, systemd, jessie, tor-pt  |  Actual Points:
Parent ID:                                       |         Points:  15
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by dcf):

 * cc: dcf (added)


Comment:

 I didn't know about this ticket when I filed a Debian bug yesterday:
   [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865495 tor >=
 0.2.7.4-rc-1 renders CAP_NET_BIND_SERVICE on server transport plugins
 ineffective]

 I tried various versions of the Debian package and found that the first
 version that doesn't allow server transport plugins to bind to low ports
 is 0.2.7.4-rc-1.

 The workaround of setting `NoNewPrivileges=no` in
 `/lib/systemd/system/tor@default.service` and
 `/lib/systemd/system/tor@.service` also worked in my case. This is on
 Debian 9 (stretch) with tor 0.2.9.11-1~deb9u1. After modifying the
 .service files, I had to run:
 {{{
 systemctl daemon-reload
 service tor restart
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18356#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
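
As an added example (not part of dcf's comment or of the Tor or Debian packaging): a POSIX shell check for the conflict this ticket describes, where the unit sets `NoNewPrivileges=yes` while the transport plugin relies on a `cap_net_bind_service` file capability, which the kernel does not grant on exec once no-new-privileges is set. The function names, the sample unit text, the sample `getcap` line and the `/usr/bin/obfs4proxy` path are assumptions constructed for illustration; only an explicit `NoNewPrivileges=` line is examined.

```shell
#!/bin/sh
# Added example: flag the NoNewPrivileges / file-capability conflict for a
# pluggable-transport binary. Function names are hypothetical.

# Read unit file text on stdin and print the explicit NoNewPrivileges= value
# ("yes", "no" or "unset"). Only [Service] is read; the last assignment wins.
effective_nnp() {
    awk '
        /^[ \t]*\[/ { in_service = ($0 ~ /^[ \t]*\[Service\][ \t]*$/); next }
        in_service && /^[ \t]*NoNewPrivileges[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            v = tolower(v)
            if (v == "yes" || v == "true" || v == "on" || v == "1") val = "yes"
            else if (v == "no" || v == "false" || v == "off" || v == "0") val = "no"
        }
        END { print (val == "" ? "unset" : val) }
    '
}

# Succeed if a line of `getcap` output grants cap_net_bind_service.
has_bind_cap() {
    printf '%s\n' "$1" | grep -q 'cap_net_bind_service'
}

# pt_bind_status UNIT_TEXT GETCAP_LINE
# Prints "no-file-cap", "conflict" (capability present but dropped on exec)
# or "ok" (capability present and no explicit NoNewPrivileges=yes).
pt_bind_status() {
    if ! has_bind_cap "$2"; then echo "no-file-cap"; return; fi
    if [ "$(printf '%s\n' "$1" | effective_nnp)" = "yes" ]; then
        echo "conflict"
    else
        echo "ok"
    fi
}

# Constructed sample input (not the real Debian unit file).
SAMPLE_UNIT='[Unit]
Description=constructed sample unit

[Service]
ExecStart=/usr/bin/tor -f /etc/tor/torrc
NoNewPrivileges=yes
'
SAMPLE_GETCAP='/usr/bin/obfs4proxy = cap_net_bind_service+ep'
pt_bind_status "$SAMPLE_UNIT" "$SAMPLE_GETCAP"   # prints: conflict

# On a live host (binary path is an assumption):
#   pt_bind_status "$(systemctl cat tor@default.service)" "$(getcap /usr/bin/obfs4proxy)"
```

Because `systemctl cat` prints the main unit followed by its drop-ins, a later `NoNewPrivileges=no` override is the value reported.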