On Mon, 14 Jul 2014 12:30:06 -0700 Kevin P Dyer kpdyer@gmail.com wrote:
(This is orthogonal to the bridge code, but since you asked...)
I would like to be able to bind to privileged ports when running a PT-enabled bridge in managed mode --- will any changes to little-t-tor be required for this feature?
(Assuming Lenooks for the sake of discussion.)
At the dev meeting I was talking to dgoulet about having tor do the appropriate work to preserve the CAP_NET_BIND_SERVICE when dropping root so all PTs transparently get this capability.
He mentioned difficulties with our python PTs, probably because the ServerTransportPlugin line was pointing directly at the script and it was getting invoked via the #! handler in the kernel. It may be possible that this "just works" if the ServerTransportPlugin line pointed at the python interpreter instead, but if it does not, this will probably require a kernel patch, that won't ever get accepted upstream.
Regards,