[tor-dev] what capabilities does tor need for reloading?

Nusenu nusenu at openmailbox.org
Wed Mar 18 13:09:21 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

> so the somewhat obvious fix was to add "CAP_KILL".

after reading:

man capabilities:
> Bypass permission checks for sending signals (see kill(2)).  This
> includes use of the ioctl(2) KDSIGACCEPT operation.

I'm not entirely sure since that sounds like tor will be able to kill
arbitrary processes.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJVCXkBAAoJEFv7XvVCELh0MjoP+wdhNqQqNUeeP/FmqRRB3nq5
Vr7Pxt3Q/LkdkWj6KsdyGPrSoo1PNnmy8yYHcuBG+tFXfWeLvSE+UvBS39vs6/QL
JDnDbzDasKggVspYCALUKfdcLFEV+LkcvV61ank2ogcNKUFsA47UDXDebV99akWo
QtGWK3k49JLx6dPJ+ihMCSm0NNfJIO/Ra9zpXnxIh3vyC/RVi2SvOfQK/Wme4HYH
BBAGkihnSPZ/55A/P9NQ7U18RDURhq7xj1hSYdwd7FrvGk+0TeOjnkv5xwYbwIxT
KC5hJmF7ezk4XT5UjtHNXLWxgOQ5mMxJ9ZLyH2Jk/OhMvxVKaJdpNtmJyFMXuqZo
a9XY0MAbcrrW/GArTT2sSJrYytDqRUsgQjaZw/jCj7oIL0TgfWQADFVSFY3YWvd/
5LBQALq9pmgUmyoweSKpkaA4byGClBQjRQDb0gDUXW2oeaQiIFdhYE4PtHySP+Fl
sx74Ygtj7tBqf0eKLe94ocTlA2koGU/GU3vNddAefTSjDwlXAnBXkzaxLYHwHiTf
e7UEw+81Lp8AZ/Q0jO3S1awaKVgpYmmeUBZGdfwww/MJ21ziLBBaBVKofM/Ux1Qu
AwVMuhBgLl06KXCNwlXY/ewZEKlgQtjCAzShvznJ9dEzThkTW/MASMwKUH32ATN0
p7tQyv6iI2cr9Gw2RdDE
=M8+W
-----END PGP SIGNATURE-----


More information about the tor-dev mailing list