
Re: [tor-relays] Guidelines for lifetime of a bridge?



On Mon, 17 Aug 2015 09:13:21 +0100
Tim Sammut <tim@xxxxxxxxxxxxxx> wrote:
> With possible config changes in mind, is it best to use ports 80 and
> 443 for pluggable transports?

It'd be nice if more bridges used ports < 1024, yes.

> IIRC the bridgeDB prefers to hand out at least one bridge with port 80
> or 443 open. Right now the bridge runs obfs3 on 80/tcp and obfs4 on
> 443/tcp. Is that still a desirable setup (despite having to run bits
> as root)?

You don't need to run obfs4proxy as root, assuming you are on a modern
Linux system, since obfs4proxy works correctly with capabilities.

  # setcap 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy

Note, this will let any user on the system executing the obfs4proxy
binary bind to "privileged" ports, and must be done each time the
binary is modified in any way (moved, upgraded, etc).

IIRC on Debian an extra package needs to be installed to get the setcap
executable, but I don't remember what it is off the top of my head.

For more information see setcap(8) and capabilities(7).

Regards,

-- 
Yawning Angel
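
Added example, not part of the original message: a POSIX shell check that can be run after a package upgrade to detect that the file capability from the setcap command above has been lost. The function names are hypothetical, and the parser assumes the two getcap output styles shown in its comments.

```sh
#!/bin/sh
# Added example: verify that a binary still carries cap_net_bind_service
# with the effective (e) and permitted (p) flags set.

# has_bind_cap PATH LINE
#   LINE is one line of getcap output for PATH. Both styles are accepted:
#     /path = cap_net_bind_service+ep     (older libcap)
#     /path cap_net_bind_service=ep       (newer libcap)
#   Only simple "names+flags" / "names=flags" clauses are understood.
has_bind_cap() {
    case $2 in
        "$1"\ *) rest=${2#"$1"} ;;   # strip the leading path
        *) return 1 ;;               # empty output or a different file
    esac
    for tok in $rest; do
        case $tok in
            *[+=]*) names=",${tok%%[+=]*},"; flags=${tok#*[+=]} ;;
            *) continue ;;
        esac
        case $names in *,cap_net_bind_service,*) ;; *) continue ;; esac
        case $flags in *e*p*|*p*e*) return 0 ;; esac
    done
    return 1
}

# check_binary PATH
#   Returns 0 if the capability is present, 1 if it is missing,
#   2 if getcap is not installed or not on PATH.
check_binary() {
    command -v getcap >/dev/null 2>&1 || {
        echo "getcap not found on PATH" >&2
        return 2
    }
    out=$(getcap "$1" 2>/dev/null) || out=
    if has_bind_cap "$1" "$out"; then
        echo "OK: $1 has cap_net_bind_service"
    else
        echo "MISSING: re-run setcap 'cap_net_bind_service=+ep' $1" >&2
        return 1
    fi
}

# Usage: ./check-cap.sh /usr/local/bin/obfs4proxy
if [ "$#" -gt 0 ]; then
    check_binary "$1"
fi
```

A non-zero exit from check_binary after an upgrade means the bridge will fail to bind 80/tcp or 443/tcp as a non-root user until setcap is applied again.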
