On Sun, 12 Apr 2015 12:46:26 +0000
Nusenu <nusenu@xxxxxxxxxxxxxxx> wrote:
> tor will fail to start up with the current systemd service file [1]
> if your torrc makes use of the ControlSocket feature.
>
> To work around the issue one has to additionally allow the following
> capabilities:
> CAP_DAC_OVERRIDE
> CAP_CHOWN
> since the socket file is created as root and then changed to the tor
> user (chown).
>
> Is it possible to change this to not require
> CAP_DAC_OVERRIDE and CAP_CHOWN capabilities anymore?

I bet using the AF_UNIX SocksPort stuff will break as well, since the
code is common.

All of the listeners are launched before switching uid/gid and dropping
privileges since it's common code. The way to fix this would be to
change retry_listener_ports and retry_all_listeners code to additionally
allow only launching service ports (< 1024), and staging the listener
launch process on config (re)load to something that looks like:

 1. Launch listeners that require elevated privileges
    (CAP_NET_BIND_SERVICE).
 2. Drop privileges and switch the uid/gid.
 3. Launch the rest of the listeners, including all of the AF_UNIX
    based ones (as the runtime tor user, so neither privilege is
    required).

Patches accepted.

--
Yawning Angel
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev