Date: Wed, 12 Apr 2017 12:01:00 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 218587] security/tor: transparent proxy doesn't work with default settings Message-ID: <bug-218587-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D218587 Bug ID: 218587 Summary: security/tor: transparent proxy doesn't work with default settings Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: freebsd-ports-bugs@FreeBSD.org Reporter: xmj@FreeBSD.org CC: yuri@rawbw.com CC: yuri@rawbw.com Flags: maintainer-feedback?(yuri@rawbw.com) Current default settings default to running tor as a transparent proxy, and executing tor (via the rc.d script) as _tor:_tor. This prevents tor from being able to open /dev/pf, and leads to failure I know of two workarounds, and both of them are quite ugly: 1. rc.conf values are changed such that tor_user=3Droot tor_group=3Dwheel and corresponding /usr/local/etc/tor/torrc obtains an entry User _tor, or 2. /dev/pf ownership is changed (e.g. via devfs settings to be persistent) = to _tor:_tor. The problem with 1) is that the rc.d script will modify ${tor_datadir} such that it cannot be written to by the _tor user. The problem with 2) is changing ownership of the firewall to an unprivileged user. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-218587-13>