Re: [tor-bugs] #13805 [Tor]: Improve hardening in tor.service
#13805: Improve hardening in tor.service
--------------------------+--------------------------------
Reporter: candrews | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.6.x-final
Component: Tor | Version:
Resolution: | Keywords: systemd
Actual Points: | Parent ID:
Points: |
--------------------------+--------------------------------
Comment (by candrews):
For the sake of clarity, here is the complete tor.service suggested by and
currently used by Gentoo:
{{{
[Unit]
Description=The Onion Router
[Service]
ExecStartPre=/usr/bin/tor --verify-config -f /etc/tor/torrc
ExecStart=/usr/bin/tor --RunAsDaemon 0 -f /etc/tor/torrc
ExecReload=/bin/kill -HUP $MAINPID
KillSignal=SIGINT
TimeoutStopSec=32
LimitNOFILE=30000
# Hardening options:
CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
PrivateTmp = yes
PrivateDevices = yes
ProtectHome = yes
ProtectSystem = full
NoNewPrivileges = yes
[Install]
WantedBy=multi-user.target
}}}
The timeout of 32 seconds was chosen to ensure that the daemon receives a
SIGINT and after that has 30 seconds to gracefully close connections.
After that a SIGTERM is sent with another 32 seconds. Finally a SIGKILL.
This is more than the usual systemd default - but ensures that extremely
short user overrides in /etc/systemd/system.conf are overruled.
Gentoo used LimitNOFILE=30000 because that's what the sysvinit script they
have uses - but they don't care if it's 32768 or 30000 so whatever Tor
wants is good.
Hopefully we can get these changes upstream and Tor and all its distros
win - thanks again!
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13805#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
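An added example, not part of the original ticket comment and not Tor or Gentoo code: a small Python audit that checks a unit's [Service] section against the hardening options, kill signal and stop timeout shown in the unit above. The function names, the 30-second threshold constant and the sample strings are assumptions made for illustration.

```python
ALLOWED_CAPS = {"CAP_SETUID", "CAP_SETGID", "CAP_NET_BIND_SERVICE"}
TRUE = {"yes", "true", "on", "1"}
GRACE_SECONDS = 30  # assumption: the graceful-close window named in the comment

def parse_service(text):
    """Return the [Service] settings as a dict (last assignment wins)."""
    section, settings = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)  # whitespace around '=' is allowed
            settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    s, findings = parse_service(text), []
    for key in ("PrivateTmp", "PrivateDevices", "ProtectHome", "NoNewPrivileges"):
        if s.get(key, "").lower() not in TRUE:
            findings.append(f"{key} is not enabled")
    if s.get("ProtectSystem", "").lower() not in {"full", "strict"}:
        findings.append("ProtectSystem is weaker than full")
    caps = s.get("CapabilityBoundingSet")
    extra = sorted(set((caps or "").split()) - ALLOWED_CAPS)
    if caps is None or extra:  # an inverted "~" list is also reported here
        findings.append("CapabilityBoundingSet unset or too broad: " + " ".join(extra))
    if s.get("KillSignal") != "SIGINT":
        findings.append("KillSignal is not SIGINT")
    timeout = s.get("TimeoutStopSec", "")  # only plain seconds are understood
    if not timeout.isdigit() or int(timeout) <= GRACE_SECONDS:
        findings.append(f"TimeoutStopSec is not a plain value above {GRACE_SECONDS}")
    return findings

# Constructed samples: the relevant lines of the unit above, and a weakened copy.
PAGE_UNIT = """[Service]
KillSignal=SIGINT
TimeoutStopSec=32
CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
PrivateTmp = yes
PrivateDevices = yes
ProtectHome = yes
ProtectSystem = full
NoNewPrivileges = yes
"""
WEAK_UNIT = PAGE_UNIT.replace("full", "yes").replace("=32", "=5")
print(audit(PAGE_UNIT), audit(WEAK_UNIT))
```

Settings placed outside [Service] are ignored by the parser, so hardening lines pasted under the wrong section header are reported as missing.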