[tor-bugs] #8195 [Tor]: tor and capabilities
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Nov 3 17:11:02 UTC 2015
#8195: tor and capabilities
-------------------------------------------------+-------------------------
Reporter: weasel | Owner:
Type: enhancement | Status:
Priority: Medium | needs_revision
Component: Tor | Milestone: Tor:
Severity: Normal | 0.2.8.x-final
Keywords: tor-relay, security, 026-triaged-1, | Version:
026-deferrable, 027-triaged-1-out, | Resolution:
pre028-patch | Actual Points:
Parent ID: | Points: small
Sponsor: |
-------------------------------------------------+-------------------------
Comment (by yawning):
FreeBSD has `capsicum(4)`
(https://www.freebsd.org/cgi/man.cgi?query=capsicum&sektion=4) as far as
capabilities goes, but that's more along the lines of sandboxing than
Linux capabilities. We should support that eventually but it's orthogonal
to this, and none of the work here would carry over.
The existing state of PTs is somewhat better than it used to be since
calling `/usr/bin/setcap` works for about half the transports as an
alternative to port forwarding.
I'd vote to lorax this unless dgoulet is heavily invested in the code.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8195#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list