[tor-bugs] #18356 [Tor]: obfs4proxy cannot bind to <1024 port with systemd hardened service unit

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Feb 22 02:46:52 UTC 2016


#18356: obfs4proxy cannot bind to <1024 port with systemd hardened service unit
-------------------------------------------------+-------------------------
 Reporter:  irregulator                          |          Owner:  asn
     Type:  defect                               |         Status:  new
 Priority:  Low                                  |      Milestone:  Tor:
Component:  Tor                                  |  unspecified
 Severity:  Normal                               |        Version:  Tor:
 Keywords:  obfs4proxy, systemd, jessie, tor-pt  |  0.2.7.6
Parent ID:                                       |     Resolution:
  Sponsor:                                       |  Actual Points:
                                                 |         Points:
-------------------------------------------------+-------------------------
Changes (by yawning):

 * priority:  Medium => Low
 * keywords:  obfs4proxy, systemd, jessie => obfs4proxy, systemd, jessie,
     tor-pt
 * component:  Obfsproxy => Tor
 * milestone:   => Tor: unspecified


Comment:

 Yes, the root cause is indeed how systemd is spawning tor, and the config
 option.  There is absolutely nothing I can do from within obfs4proxy to
 work around this, because it is a security feature enforced by the kernel.

 Something like the tor daemon opening the socket bound to a privileged
 port would be possible, but that requires patching tor, modifying the PT
 configuration/spawn process, and then modifying obfs4proxy.

 Since "fixing" this requires modifying the service file at a minimum, and
 a large list of tor changes and spec changes to do correctly, I am re-
 categorizing this.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18356#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list