[tor-dev] tor not starting with NoNewPrivileges = yes (systemd)
Nusenu
nusenu at openmailbox.org
Tue Mar 17 15:54:09 UTC 2015
Hi,
I'm currently preparing/testing a systemd unit file (#14995) for
debian (wheezy-backports/systemd 204) based on the one shipped by tor [1].
It does not work yet, and although the 'fix' would be easy - simply
remove:
NoNewPrivileges = yes
I'd like to hear from you before removing such a security feature.
Does tor require new privileges to work?
It actually fails in two instances:
1) before actually starting the tor daemon (--verify-config):
Process: 2844 ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config (code=exited, status=227/NO_NEW_PRIVILEGES)
2) and when actually starting the daemon
thanks,
Nusenu
I'm testing with
0.2.5.10-1~d70.wheezy
minimal test torrc used:
User debian-tor
DataDirectory /var/lib/tor
Log debug file /var/log/tor/log
[1]
https://gitweb.torproject.org/tor.git/tree/contrib/dist/tor.service.in#n25