Re: [tor-bugs] #18356 [Core Tor/Tor]: obfs4proxy cannot bind to <1024 port with systemd hardened service unit
#18356: obfs4proxy cannot bind to <1024 port with systemd hardened service unit
-------------------------------------------------+-------------------------
 Reporter:  irregulator                          |  Owner:  asn
     Type:  defect                               |  Status:  new
 Priority:  Low                                  |  Milestone:  Tor: unspecified
Component:  Core Tor/Tor                         |  Version:  Tor: 0.2.7.4-rc
 Severity:  Normal                               |  Resolution:
 Keywords:  obfs4proxy, systemd, jessie, tor-pt  |  Actual Points:
Parent ID:                                       |  Points:  15
 Reviewer:                                       |  Sponsor:
-------------------------------------------------+-------------------------
Comment (by dcf):
I found an
[https://www.sindastra.de/p/788/obfuscate-your-tor-bridge-with-obfs4/ obfs4 setup guide by Sindastra]
that invents another way to work around the problem, using `chattr +i` to
prevent `apt` from upgrading the systemd files. Some official guidance would
help in preventing people from inventing suboptimal workarounds like this, I
think.
> Now edit the files `/lib/systemd/system/tor@default.service` and
> `/lib/systemd/system/tor@.service` and in both files change
> `NoNewPrivileges=yes` to `NoNewPrivileges=no` and then execute `systemctl
> daemon-reload` to apply the changes.
>
> It can happen, that during an update, the Tor service files will be
> overwritten and the modifications thus removed. This will result in the
> proxy not functioning on the desired port anymore (if below 1024). This
> can be fixed by marking the service files as immutable after modification,
> like this:
> {{{
> sudo chattr +i /lib/systemd/system/tor@default.service
> sudo chattr +i /lib/systemd/system/tor@.service
> }}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18356#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
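
An added example, not part of the ticket comment or of the quoted guide: the same `NoNewPrivileges=no` setting kept in systemd drop-in files under /etc/systemd/system, which package upgrades do not overwrite, so the packaged units under /lib/systemd/system stay unmodified and need no `chattr +i`. The function and variable names are illustrative, and the script assumes the two unit names given in the guide.

```shell
#!/bin/sh
# Added example, not from the ticket or the quoted guide.
# Names below (UNITS, write_dropins, vendor_edit_present) are illustrative.
UNITS='tor@.service tor@default.service'   # the two units the guide edits

# write_dropins ROOT
# Create ROOT/<unit>.d/override.conf for each unit. On a real host ROOT is
# /etc/systemd/system; it is a parameter so the function can be tried in a
# scratch directory first.
write_dropins() {
    root=$1
    for unit in $UNITS; do
        mkdir -p "$root/${unit}.d" || return 1
        printf '[Service]\nNoNewPrivileges=no\n' \
            > "$root/${unit}.d/override.conf" || return 1
    done
}

# vendor_edit_present LIBDIR
# Return 0 if a packaged unit in LIBDIR already carries the guide's in-place
# edit, so it can be reverted before relying on the drop-ins.
vendor_edit_present() {
    libdir=$1
    for unit in $UNITS; do
        if grep -qs '^NoNewPrivileges=no' "$libdir/$unit"; then
            return 0
        fi
    done
    return 1
}

# Run as root with the argument "apply" to install the drop-ins.
if [ "${1:-}" = apply ]; then
    if vendor_edit_present /lib/systemd/system; then
        echo 'note: a unit under /lib/systemd/system was edited in place' >&2
    fi
    write_dropins /etc/systemd/system && systemctl daemon-reload
fi
```

`systemctl show -p NoNewPrivileges tor@default.service` reports the value systemd actually applies once the drop-ins are loaded.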