[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #18356 [Core Tor/Tor]: obfs4proxy cannot bind to <1024 port with systemd hardened service unit

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #18356 [Core Tor/Tor]: obfs4proxy cannot bind to <1024 port with systemd hardened service unit
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sun, 22 Mar 2020 04:12:07 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 22 Mar 2020 00:12:17 -0400
In-reply-to: <051.f427f56cdb80eb70eb83a9929946402d@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.f427f56cdb80eb70eb83a9929946402d@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, blackhole@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#18356: obfs4proxy cannot bind to <1024 port with systemd hardened service unit
-------------------------------------------------+-------------------------
 Reporter:  irregulator                          |          Owner:  asn
     Type:  defect                               |         Status:  new
 Priority:  Low                                  |      Milestone:  Tor:
                                                 |  unspecified
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.2.7.4-rc
 Severity:  Normal                               |     Resolution:
 Keywords:  obfs4proxy, systemd, jessie, tor-pt  |  Actual Points:
Parent ID:                                       |         Points:  15
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by dcf):

 I found an [https://www.sindastra.de/p/788/obfuscate-your-tor-bridge-with-
 obfs4/ obfs4 setup guide by Sindastra] that invents another way to work
 around the problem, using `chattr +i` to prevent `apt` from upgrading the
 systemd files. Some official guidance would help in preventing people from
 inventing suboptimal workarounds like this, I think.

 > Now edit the files `/lib/systemd/system/tor@default.service` and
 `/lib/systemd/system/tor@.service` and in both files change
 `NoNewPrivileges=yes` to `NoNewPrivileges=no` and then execute `systemctl
 daemon-reload` to apply the changes.
 >
 > It can happen, that during an update, the Tor service files will be
 overwritten and the modifications thus removed. This will result in the
 proxy not functioning on the desired port anymore (if below 1024). This
 can be fixed by marking the service files as immutable after modification,
 like this:
 > {{{
 > sudo chattr +i /lib/systemd/system/tor@default.service
 > sudo chattr +i /lib/systemd/system/tor@.service
 > }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18356#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #33014 [Core Tor/Tor]: Refactor hs configuration parsing
Next by Author: Re: [tor-bugs] #32143 [Core Tor/Tor]: Build some CI jobs with ALL_BUGS_ARE_FATAL
Previous by thread: Re: [tor-bugs] #33686 [Core Tor/Tor]: Tor 0.4.2.7 wont get past bootstrap phase with Sandbox 1 enabled
Next by thread: [tor-bugs] #33687 [- Select a component]: Create rotating DNS DoH/DoT server list option Trr Core Tor
Index(es):
- Author
- Thread