[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #8195 [Tor]: tor and capabilities

Subject: Re: [tor-bugs] #8195 [Tor]: tor and capabilities
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 26 Nov 2015 10:15:15 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 26 Nov 2015 05:15:28 -0500
In-reply-to: <046.f88f8ee712a6e7cbdb7cdaa5a030e0d2@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.f88f8ee712a6e7cbdb7cdaa5a030e0d2@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#8195: tor and capabilities
-----------------------------------------------+---------------------------
 Reporter:  weasel                             |          Owner:
     Type:  enhancement                        |         Status:
 Priority:  Medium                             |  needs_revision
Component:  Tor                                |      Milestone:  Tor:
 Severity:  Normal                             |  0.2.8.x-final
 Keywords:  tor-relay, security, pre028-patch  |        Version:
Parent ID:                                     |     Resolution:
  Sponsor:                                     |  Actual Points:
                                               |         Points:  small
-----------------------------------------------+---------------------------
Changes (by asn):

 * status:  needs_review => needs_revision


Comment:

 Hello,

 nice code!

 here is an initial review. I didn't know anything about Linux caps before
 reviewing this, but I read a few things on the way.

 Some comments:

 - Should there be a log message for when a user has asked to use
 `KeepCapabilities` but their system does not have capability support
 (`HAVE_LINUX_CAPABILITIES` is not set)? As it is now, `switch_id()` will
 fail to set capabilitities silently, I think.

 - Also, in `switch_id()` the variable `keep_bindlow` will be unused (gcc
 error) if no `HAVE_LINUX_CAPABILITIES`.

 - If you run `make tests`, it will fail with an assertion error in
 `options_act_reversible()` because `have_low_ports` is still `-1`. That
 assert looks a bit hyperaggressive, can we relax it a bit?

 And some nitpicking:

 - Should we call the option `KeepCapabilities` if it only concerns the
 capability of binding to low ports? Are we going to introduce more caps in
 the future?

 - Might be nice to document `SWITCH_ID_KEEP_BINDLOW`. It confused me a bit
 before I realized it's just a cheap argument enum.

 - The comment of `check_server_ports` mispells the `n_low_ports_out`
 argument.

 I ran the tests in my system (with capabilities enabled) and they work.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8195#comment:39>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #17686 [Tor]: Make our openssl-RNG calling code less scary.
Next by Author: [tor-bugs] #17697 [Tor]: Add crypto_rand unit tests to check for predictable values
Previous by thread: Re: [tor-bugs] #8195 [Tor]: tor and capabilities
Next by thread: Re: [tor-bugs] #8195 [Tor]: tor and capabilities
Index(es):
- Author
- Thread