Re: [tor-bugs] #19759 [Core Tor/Tor]: systemd tor.service hardening: add MemoryDenyWriteExecute=true

[Tor Bug Tracker & Wiki]

#19759: systemd tor.service hardening: add MemoryDenyWriteExecute=true
-+-
 Reporter:  candrews |  Owner:  (none)
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-relay hardening packaging|  Actual Points:
  systemd|
Parent ID:  #30797   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by arma):

 * parent:   => #30797


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19759 [Core Tor/Tor]: systemd tor.service hardening: add MemoryDenyWriteExecute=true

[Tor Bug Tracker & Wiki]

#19759: systemd tor.service hardening: add MemoryDenyWriteExecute=true
-+-
 Reporter:  candrews |  Owner:
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-relay hardening packaging|  Actual Points:
  systemd|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * keywords:  systemd => tor-relay hardening packaging systemd


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19759 [Core Tor/Tor]: systemd tor.service hardening: add MemoryDenyWriteExecute=true

[Tor Bug Tracker & Wiki]

#19759: systemd tor.service hardening: add MemoryDenyWriteExecute=true
--+
 Reporter:  candrews  |  Owner:
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  systemd   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by nickm):

 * milestone:   => Tor: 0.2.9.x-final


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #19759 [Core Tor/Tor]: systemd tor.service hardening: add MemoryDenyWriteExecute=true

[Tor Bug Tracker & Wiki]

#19759: systemd tor.service hardening: add MemoryDenyWriteExecute=true
--+-
 Reporter:  candrews  |  Owner:
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:  systemd
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+-
 In systemd 231, the MemoryDenyWriteExecute option was added:

   A new service setting MemoryDenyWriteExecute= has been added,
 taking
   a boolean value. If turned on, a service may no longer create
 memory
   mappings that are writable and executable at the same time. This
   enhances security for services where this is enabled as it
 becomes
   harder to dynamically write and then execute memory in exploited
   service processes. This option has been enabled for all of
 systemd's
   own long-running services.
 https://lists.freedesktop.org/archives/systemd-devel/2016-July/037220.html

 Can you please add:
 {{{
 MemoryDenyWriteExecute=true
 }}}
 to https://gitweb.torproject.org/tor.git/tree/contrib/dist/tor.service.in
 in the [Service] section?

 Note that systemd < 231 will simply ignore this unknown option so there is
 no backwards compatibility concern.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs