[tor-bugs] #8195 [Tor]: tor and capabilities
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Dec 14 04:43:21 UTC 2015
#8195: tor and capabilities
-----------------------------------------------+--------------------------------
 Reporter:  weasel                              |          Owner:
     Type:  enhancement                         |         Status:  needs_review
 Priority:  Medium                              |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor                                 |        Version:
 Severity:  Normal                              |     Resolution:
 Keywords:  tor-relay, security, pre028-patch   |  Actual Points:
Parent ID:                                      |         Points:  small
  Sponsor:                                      |
-----------------------------------------------+--------------------------------
Comment (by andrea):
{{{
Begin code review for nickm's feature8195_small branch:

e2e51a60b16363d8264bb3c79cc8090a368e3c9f:
 - Logic of have_capability_support() is correct, please fix DOCDOC
   - Fixed in 29c01c3dce0e6b2b1d64110b1f73586fb7a46beb
 - This business of deciding which to keep after dropping setuid by
   the first n of the list seems like it'll get a bit ugly if we ever
   want to generalize this to more than just CAP_NET_BIND_SERVICE,
   but I think this is okay for now.
 - switch_id() changes look fine
 - In options_act_reversible(), it looks like if KeepCapabilities is
   explicitly 0 (not -1), we'll drop capabilities even if have_low_ports
   is true and then binding could fail; is this the behavior we want?
   - Okay, we're warning about it in check_server_ports(), so probably
     yes.

487543e6599ff46f96537841fc92780ff48a6840:
 - All this test code looks okay

29c01c3dce0e6b2b1d64110b1f73586fb7a46beb:
 - Okay, better comments now. Yay.

bc007838711f9b915542c7485fe7c24700497df8:
 - These changes look okay to me.

d8f9636b687a03ae356d790b64b9954cd8292f37:
 - Looks fine

End code review for nickm's feature8195_small branch
Recommendation: merge it
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8195#comment:43>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online