[tor-bugs] #18356 [Core Tor/Tor]: obfs4proxy cannot bind to <1024 port with systemd hardened service unit
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jun 23 17:12:26 UTC 2017
#18356: obfs4proxy cannot bind to <1024 port with systemd hardened service unit
-------------------------------------------------+---------------------------------
 Reporter:   irregulator                         | Owner:         asn
 Type:       defect                              | Status:        new
 Priority:   Low                                 | Milestone:     Tor: unspecified
 Component:  Core Tor/Tor                        | Version:       Tor: 0.2.7.6
 Severity:   Normal                              | Resolution:
 Keywords:   obfs4proxy, systemd, jessie, tor-pt | Actual Points:
 Parent ID:                                      | Points:        15
 Reviewer:                                       | Sponsor:
-------------------------------------------------+---------------------------------
Changes (by dcf):
* cc: dcf (added)
Comment:
I didn't know about this ticket when I filed a Debian bug yesterday:
[https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865495 tor >=
0.2.7.4-rc-1 renders CAP_NET_BIND_SERVICE on server transport plugins
ineffective]

I tried various versions of the Debian package and found that the first
version that doesn't allow server transport plugins to bind to low ports
is 0.2.7.4-rc-1.

The workaround of setting `NoNewPrivileges=no` in
`/lib/systemd/system/tor@default.service` and
`/lib/systemd/system/tor@.service` also worked in my case. This is on
Debian 9 (stretch) with tor 0.2.9.11-1~deb9u1. After modifying the
.service files, I had to run:
{{{
systemctl daemon-reload
service tor restart
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18356#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
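
To tell whether a running transport plugin is in the state this ticket describes, the following added example (not part of the ticket, Tor, or the Debian packaging) classifies a process from the `NoNewPrivs` and `CapEff` fields of `/proc/PID/status`. The function names and the sample status text are constructed for illustration, and the `NoNewPrivs` field is assumed to be present only on kernels that expose it.

```shell
#!/bin/sh
# Added example: classify a process from the text of /proc/PID/status.
CAP_NET_BIND_SERVICE_BIT=10   # capability number from linux/capability.h

# Print the value of one "Name: value" field read from stdin.
status_field() {
    awk -v key="$1:" '$1 == key { print $2; exit }'
}

# has_net_bind STATUS_TEXT -> yes | no | unknown
has_net_bind() {
    capeff=$(printf '%s\n' "$1" | status_field CapEff)
    [ -n "$capeff" ] || { echo unknown; return 0; }
    if [ $(( (0x$capeff >> $CAP_NET_BIND_SERVICE_BIT) & 1 )) -eq 1 ]; then
        echo yes
    else
        echo no
    fi
}

# diagnose STATUS_TEXT -> ok | blocked | missing | unknown
diagnose() {
    nnp=$(printf '%s\n' "$1" | status_field NoNewPrivs)
    case "$(has_net_bind "$1"):$nnp" in
        yes:*) echo ok ;;        # the process can bind ports below 1024
        no:1)  echo blocked ;;   # no_new_privs set: exec cannot add file capabilities
        no:0)  echo missing ;;   # no_new_privs off, capability still absent
        *)     echo unknown ;;   # kernel does not expose one of the fields
    esac
}

# Constructed sample inputs (not captured from a real system).
SAMPLE_HARDENED='Name: obfs4proxy
NoNewPrivs: 1
CapEff: 0000000000000000'
SAMPLE_WORKAROUND='Name: obfs4proxy
NoNewPrivs: 0
CapEff: 0000000000000400'
SAMPLE_OLD_KERNEL='Name: obfs4proxy
CapEff: 0000000000000000'

for s in "$SAMPLE_HARDENED" "$SAMPLE_WORKAROUND" "$SAMPLE_OLD_KERNEL"; do
    diagnose "$s"
done
# Live use: diagnose "$(cat /proc/PID/status)" with PID replaced by the plugin's pid.
```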