[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #18356 [Tor]: obfs4proxy cannot bind to <1024 port with systemd hardened service unit

Subject: Re: [tor-bugs] #18356 [Tor]: obfs4proxy cannot bind to <1024 port with systemd hardened service unit
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 22 Feb 2016 02:46:52 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 21 Feb 2016 21:47:04 -0500
In-reply-to: <051.f427f56cdb80eb70eb83a9929946402d@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.f427f56cdb80eb70eb83a9929946402d@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#18356: obfs4proxy cannot bind to <1024 port with systemd hardened service unit
-------------------------------------------------+-------------------------
 Reporter:  irregulator                          |          Owner:  asn
     Type:  defect                               |         Status:  new
 Priority:  Low                                  |      Milestone:  Tor:
Component:  Tor                                  |  unspecified
 Severity:  Normal                               |        Version:  Tor:
 Keywords:  obfs4proxy, systemd, jessie, tor-pt  |  0.2.7.6
Parent ID:                                       |     Resolution:
  Sponsor:                                       |  Actual Points:
                                                 |         Points:
-------------------------------------------------+-------------------------
Changes (by yawning):

 * priority:  Medium => Low
 * keywords:  obfs4proxy, systemd, jessie => obfs4proxy, systemd, jessie,
     tor-pt
 * component:  Obfsproxy => Tor
 * milestone:   => Tor: unspecified


Comment:

 Yes, the root cause is indeed how systemd is spawning tor, and the config
 option.  There is absolutely nothing I can do from within obfs4proxy to
 work around this, because it is a security feature enforced by the kernel.

 Something like the tor daemon opening the socket bound to a privileged
 port would be possible, but that requires patching tor, modifying the PT
 configuration/spawn process, and then modifying obfs4proxy.

 Since "fixing" this requires modifying the service file at a minimum, and
 a large list of tor changes and spec changes to do correctly, I am re-
 categorizing this.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18356#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #18356 [Obfsproxy]: obfs4proxy cannot bind to <1024 port with systemd hardened service unit
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #18177 [DocTor]: Check Fallback Directory IPv4 and IPv6 addresses using DocTor
Next by Author: [tor-bugs] #18360 [- Select a component]: option not to use mman-win32
Previous by thread: [tor-bugs] #18356 [Obfsproxy]: obfs4proxy cannot bind to <1024 port with systemd hardened service unit
Next by thread: [tor-bugs] #18357 [Tor]: HiddenServicePort IPv6 broken on FreeBSD
Index(es):
- Author
- Thread