#26910: Could tor drop privileges even earlier? (before trying to access anything on the filesystem beyond its torrc files) --------------------------+---------------------------------- Reporter: nusenu | Owner: (none) Type: enhancement | Status: new Priority: Medium | Milestone: Tor: unspecified Component: Core Tor/Tor | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: --------------------------+---------------------------------- Changes (by weasel):
* cc: weasel (added) Comment: Yes, please. The Debian service file still needs to give tor the CAP_DAC_READ_SEARCH capability (which lets uid 0 override DAC file permissions for read/search purposes) or else it falls flat on its face with hidden services (cf. [https://bugs.debian.org/847598 Debian#847598]). We'd appreciate if Tor did not need this elevated capability. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26910#comment:3> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs