Re: [tor-bugs] #8195 [Tor]: tor and capabilities

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#8195: tor and capabilities
-------------------------------------------------+-------------------------
 Reporter:  weasel                               |          Owner:
     Type:  enhancement                          |         Status:
 Priority:  Medium                               |  needs_revision
Component:  Tor                                  |      Milestone:  Tor:
 Severity:  Normal                               |  0.2.8.x-final
 Keywords:  tor-relay, security, 026-triaged-1,  |        Version:
  026-deferrable, 027-triaged-1-out,             |     Resolution:
  pre028-patch                                   |  Actual Points:
Parent ID:                                       |         Points:  small
  Sponsor:                                       |
-------------------------------------------------+-------------------------

Comment (by yawning):

 FreeBSD has `capsicum(4)`
 (https://www.freebsd.org/cgi/man.cgi?query=capsicum&sektion=4) as far as
 capabilities goes, but that's more along the lines of sandboxing than
 Linux capabilities.  We should support that eventually but it's orthogonal
 to this, and none of the work here would carry over.

 The existing state of PTs is somewhat better than it used to be since
 calling `/usr/bin/setcap` works for about half the transports as an
 alternative to port forwarding.

 I'd vote to lorax this unless dgoulet is heavily invested in the code.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8195#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs