[tor-bugs] #18356 [Tor]: obfs4proxy cannot bind to <1024 port with systemd hardened service unit
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 22 02:46:52 UTC 2016
#18356: obfs4proxy cannot bind to <1024 port with systemd hardened service unit
-------------------------------------------------+-------------------------------
 Reporter:  irregulator                          |          Owner:  asn
     Type:  defect                               |         Status:  new
 Priority:  Low                                  |      Milestone:  Tor: unspecified
Component:  Tor                                  |        Version:  Tor: 0.2.7.6
 Severity:  Normal                               |     Resolution:
 Keywords:  obfs4proxy, systemd, jessie, tor-pt  |  Actual Points:
Parent ID:                                       |         Points:
  Sponsor:                                       |
-------------------------------------------------+-------------------------------
Changes (by yawning):

 * priority: Medium => Low
 * keywords: obfs4proxy, systemd, jessie => obfs4proxy, systemd, jessie, tor-pt
 * component: Obfsproxy => Tor
 * milestone: => Tor: unspecified

Comment:

 Yes, the root cause is indeed how systemd is spawning tor, and the config
 option. There is absolutely nothing I can do from within obfs4proxy to
 work around this, because it is a security feature enforced by the kernel.

 Something like the tor daemon opening the socket bound to a privileged
 port would be possible, but that requires patching tor, modifying the PT
 configuration/spawn process, and then modifying obfs4proxy.

 Since "fixing" this requires modifying the service file at a minimum, and
 a large list of tor changes and spec changes to do correctly, I am
 re-categorizing this.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18356#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
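
Added example (not part of the ticket, and not Tor or obfs4proxy code): a diagnostic that reads the kernel's per-process state from /proc/<pid>/status and explains why a bind to a port below 1024 is refused. It assumes the hardening in question is systemd's NoNewPrivileges= and CapabilityBoundingSet= directives, which the ticket does not name; the sample status text is constructed.

```python
"""Explain why a Linux process can or cannot bind a TCP port below 1024."""
import re

CAP_NET_BIND_SERVICE = 10  # bit number from linux/capability.h

# Constructed sample: excerpt of /proc/<pid>/status for an unprivileged
# pluggable-transport child started under a hardened unit (assumed values).
SAMPLE_STATUS = (
    "Name:\tobfs4proxy\n"
    "Uid:\t107\t107\t107\t107\n"
    "CapPrm:\t0000000000000000\n"
    "CapEff:\t0000000000000000\n"
    "CapBnd:\t00000000000004c2\n"
    "NoNewPrivs:\t1\n"
)

def parse_status(text):
    """Extract the fields of a /proc/<pid>/status dump that govern binding."""
    fields = dict(re.findall(r"^(\w+):[ \t]*(.*)$", text, re.M))

    def has_cap(name):
        # Capability sets are printed as hex bitmasks.
        return bool(int(fields.get(name, "0"), 16) >> CAP_NET_BIND_SERVICE & 1)

    return {
        "effective": has_cap("CapEff"),
        "bounding": has_cap("CapBnd"),
        "no_new_privs": fields.get("NoNewPrivs", "0").strip() == "1",
    }

def diagnose(st, port, unprivileged_port_start=1024):
    """Return (can_bind, reason). The threshold mirrors the sysctl
    net.ipv4.ip_unprivileged_port_start (default 1024)."""
    if port >= unprivileged_port_start:
        return True, "port is not privileged"
    if st["effective"]:
        return True, "CAP_NET_BIND_SERVICE is in the effective set"
    if not st["bounding"]:
        return False, "capability is outside the bounding set"
    if st["no_new_privs"]:
        return False, ("no_new_privs is set: execve() cannot gain the "
                       "capability from file capabilities or setuid bits")
    return False, "capability not held by this process"

if __name__ == "__main__":
    with open("/proc/self/status") as fh:  # Linux only
        print(diagnose(parse_status(fh.read()), 443))
```

Run against the PID of the spawned transport process (replace /proc/self with /proc/<pid>) to see which of the two kernel checks is the one refusing the bind.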