[tor-bugs] #18356 [Core Tor/Tor]: obfs4proxy cannot bind to <1024 port with systemd hardened service unit

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Mar 22 04:12:07 UTC 2020


#18356: obfs4proxy cannot bind to <1024 port with systemd hardened service unit
-------------------------------------------------+-------------------------
 Reporter:  irregulator                          |          Owner:  asn
     Type:  defect                               |         Status:  new
 Priority:  Low                                  |      Milestone:  Tor:
                                                 |  unspecified
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.2.7.4-rc
 Severity:  Normal                               |     Resolution:
 Keywords:  obfs4proxy, systemd, jessie, tor-pt  |  Actual Points:
Parent ID:                                       |         Points:  15
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by dcf):

 I found an [https://www.sindastra.de/p/788/obfuscate-your-tor-bridge-with-obfs4/ obfs4 setup guide by Sindastra]
 that invents another way to work
 around the problem, using `chattr +i` to prevent `apt` from upgrading the
 systemd files. Some official guidance would help in preventing people from
 inventing suboptimal workarounds like this, I think.

 > Now edit the files `/lib/systemd/system/tor@default.service` and
 `/lib/systemd/system/tor@.service` and in both files change
 `NoNewPrivileges=yes` to `NoNewPrivileges=no` and then execute `systemctl
 daemon-reload` to apply the changes.
 >
 > It can happen, that during an update, the Tor service files will be
 overwritten and the modifications thus removed. This will result in the
 proxy not functioning on the desired port anymore (if below 1024). This
 can be fixed by marking the service files as immutable after modification,
 like this:
 > {{{
 > sudo chattr +i /lib/systemd/system/tor@default.service
 > sudo chattr +i /lib/systemd/system/tor@.service
 > }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18356#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

