[tor-dev] Are DAC_OVERRIDE & CHOWN capabilities required for ControlSocket?
yawning at schwanenlied.me
Sun Apr 12 13:10:33 UTC 2015
On Sun, 12 Apr 2015 12:46:26 +0000
Nusenu <nusenu at openmailbox.org> wrote:
> tor will fail to startup with the current systemd service file 
> if your torrc makes use of the ControlSocket feature.
> To work around the issue one has to additionally allow the following
> since the socket file is create as root and then changed to the tor
> user (chown).
> Is it possible to change this to not require
> CAP_DAC_OVERRIDE and CAP_CHOWN capabilities anymore?
I bet using the AF_UNIX SocksPort stuff will break as well, since the
code is common. All of the listeners are launched before switching
uid/gid and dropping privileges since it's common code.
The way to fix this would be to change retry_listener_ports and
retry_all_listeners code to additionally allow only launching service
ports (< 1024), and staging the listener launch process on config
(re)load to something that looks like:
1. Launch listeners that require elevated priviledges
2. Drop priviledges and switch the uid/gid.
3. Launch the rest of the listeners, including all of the AF_UNIX
based ones (as the runtime tor user, so neither privilege is
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the tor-dev