
Re: [tor-relays] Quick bugfix sharing regarding obfs4 malfunctioning



On Thu, Sep 07, 2023 at 02:12:36PM +0200, telekobold wrote:
> I just want to share some quick bugfix with you (sorry if this is obvious to
> you or has been written somewhere else).
> 
> Suddenly, I got the following error messages on my two bridges running on
> Debian 11 appearing in the logs (in /var/log/tor/notices.log and in the nyx
> output) every second until a restart:
> 
> <timestamp> [warn] Managed proxy "/usr/bin/obfs4proxy" process terminated
> with status code 65280
> <timestamp> [warn] Server managed proxy encountered a method error. (obfs4
> listen tcp 0.0.0.0:443: bind: permission denied)
> <timestamp> [warn] Managed proxy '/usr/bin/obfs4proxy' was spawned
> successfully, but it didn't launch any pluggable transport listeners!
> 
> When restarting the corresponding bridge, in the startup process the second
> and the third of the above warning messages again appeared in the logs. So
> obfs4 was suddenly not usable any more. Port 443 is not blocked in the
> bridge's firewalls.
> 
> A bit of research revealed that apparently, an automatic update set the systemd
> setting "NoNewPrivileges=no" in /lib/systemd/system/tor@default.service and
> tor@.service [1] back to yes, which caused the above issue. After setting it
> back and restarting, everything works fine now and instead of the warning
> messages mentioned above, the following message appears in the log again:
> 
> <timestamp> [notice] Registered server transport 'obfs4' at '[::]:443'

There's a better way to set `NoNewPrivileges=no` that will not get
overwritten in an upgrade. Use a systemd override:
https://bugs.torproject.org/tpo/core/tor/18356#note_2439960

```
systemctl edit tor@.service tor@default.service
```

Enter this text in both editors that appear:

```
[Service]
NoNewPrivileges=no
```

Then run

```
service tor restart
```

This will create files /etc/systemd/system/tor@.service.d/override.conf
and /etc/systemd/system/tor@default.service.d/override.conf that will
not be overwritten in an upgrade.
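
Why the override survives an upgrade, shown as an added example that is not part of the original message or the Tor project's code: a simplified model of systemd's drop-in handling (unit file first, then `*.conf` drop-ins in lexical order, last assignment wins). The helpers `effective_setting` and `make_sample` and the unit file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: simplified model of how systemd resolves one [Service]
# setting. The unit file is read first, then each *.conf drop-in in
# lexical order; for a single-valued setting the last assignment wins.

# effective_setting KEY UNIT_FILE [DROPIN_DIR]   (hypothetical helper)
effective_setting() {
    key=$1; unit=$2; dropin_dir=${3:-}
    {
        cat "$unit"
        if [ -n "$dropin_dir" ]; then
            for f in "$dropin_dir"/*.conf; do
                if [ -f "$f" ]; then echo; cat "$f"; fi
            done
        fi
    } | awk -v key="$key" '
        /^[ \t]*[#;]/ { next }                       # comment lines
        /^[ \t]*\[/   { in_service = ($0 ~ /^[ \t]*\[Service\][ \t]*$/); next }
        in_service && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { value = v; found = 1 }
        }
        END { if (found) print value }'
}

# make_sample DIR: constructed stand-ins for the packaged unit and the
# override.conf drop-in (not the real Debian unit file).
make_sample() {
    mkdir -p "$1/lib" "$1/etc/tor@default.service.d"
    printf '[Service]\nNoNewPrivileges=yes\n' > "$1/lib/tor@default.service"
    printf '[Service]\nNoNewPrivileges=no\n' \
        > "$1/etc/tor@default.service.d/override.conf"
}

tmp=$(mktemp -d)
make_sample "$tmp"
pkg="$tmp/lib/tor@default.service"
echo "packaged unit only: $(effective_setting NoNewPrivileges "$pkg")"
echo "with drop-in:       $(effective_setting NoNewPrivileges "$pkg" \
    "$tmp/etc/tor@default.service.d")"
rm -rf "$tmp"
```

On a live bridge, `systemctl show -p NoNewPrivileges tor@default.service` reports the value systemd actually applies.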