[tor-bugs] #7875 [Tor]: debian obfsproxies can't advertise ports under 1024
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jul 22 13:39:30 UTC 2014
#7875: debian obfsproxies can't advertise ports under 1024
------------------------+------------------------------
Reporter: arma | Owner: asn
Type: defect | Status: new
Priority: normal | Milestone: Tor: unspecified
Component: Tor | Version:
Resolution: | Keywords: tor-bridge
Actual Points: | Parent ID:
Points: |
------------------------+------------------------------
Comment (by asn):
Replying to [comment:12 asn]:
> #8195 might also be a step forward. It uses Linux `capabilities(7)` to
> let Tor bind to low listening ports even after it has dropped privs. David
> told me that Linux capabilities also do inheritance, so it might be
> possible for our PT processes to inherit this capability themselves.
Yawning posted some updates on this from the dev meeting:
{{{
At the dev meeting I was talking to dgoulet about having tor do the
appropriate work to preserve the CAP_NET_BIND_SERVICE when dropping root
so all PTs transparently get this capability.
He mentioned difficulties with our python PTs, probably because the
ServerTransportPlugin line was pointing directly at the script and it
was getting invoked via the #! handler in the kernel. It may be
possible that this "just works" if the ServerTransportPlugin line
pointed at the python interpreter instead, but if it does not, this will
probably require a kernel patch, that won't ever get accepted upstream.
}}}
from https://lists.torproject.org/pipermail/tor-dev/2014-July/007139.html
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7875#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
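An added example, not part of the original message or of Tor's code: a small C model of the execve() capability transformation documented in capabilities(7) for a non-root caller, showing when a pluggable transport exec'd by Tor would end up holding CAP_NET_BIND_SERVICE. The struct and function names are hypothetical, the sample capability sets are constructed, and the ambient set (Linux 4.3 and later) postdates this ticket comment.

```c
#include <stdint.h>
#include <stdio.h>

/* CAP_NET_BIND_SERVICE is capability number 10 in <linux/capability.h>. */
#define NET_BIND (1ULL << 10)

/* P: capability sets of the thread calling execve(). */
struct proc_caps { uint64_t permitted, inheritable, effective, bounding, ambient; };
/* F: file capabilities of the binary the kernel actually runs. For a #!
 * script that is the interpreter, not the script. */
struct file_caps { uint64_t permitted, inheritable; int effective; };

/* execve() rule from capabilities(7) for a non-root caller. Simplification:
 * a file counts as "privileged" only if it has file capabilities set
 * (set-user-ID/set-group-ID bits and securebits are not modelled). */
struct proc_caps caps_after_execve(struct proc_caps p, struct file_caps f)
{
    struct proc_caps n;
    int privileged_file = (f.permitted | f.inheritable) != 0;
    n.ambient     = privileged_file ? 0 : p.ambient;
    n.permitted   = (p.inheritable & f.inheritable)
                  | (f.permitted & p.bounding) | n.ambient;
    n.effective   = f.effective ? n.permitted : n.ambient;
    n.inheritable = p.inheritable;
    n.bounding    = p.bounding;
    return n;
}

/* Would the exec'd transport be able to bind a port below 1024? */
int pt_can_bind_low_port(struct proc_caps tor, struct file_caps pt_binary)
{
    return (caps_after_execve(tor, pt_binary).effective & NET_BIND) != 0;
}

int main(void)
{
    /* Constructed: Tor after dropping root but keeping NET_BIND. */
    struct proc_caps tor = { NET_BIND, NET_BIND, NET_BIND, ~0ULL, 0 };
    struct file_caps plain = { 0, 0, 0 };        /* no file capabilities */
    struct file_caps inh = { 0, NET_BIND, 1 };   /* inheritable + effective flag */
    struct proc_caps tor_amb = tor;
    tor_amb.ambient = NET_BIND;                  /* Linux 4.3+ only */

    printf("no file caps:       %d\n", pt_can_bind_low_port(tor, plain));
    printf("file inheritable+e: %d\n", pt_can_bind_low_port(tor, inh));
    printf("ambient, no fcaps:  %d\n", pt_can_bind_low_port(tor_amb, plain));
    return 0;
}
```

In this model, a capability that sits only in Tor's inheritable set is lost across the exec unless the executed binary carries a matching file inheritable bit.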