Opened 5 years ago

Closed 5 years ago

#12939 closed enhancement (implemented)

Add NoNewPrivileges=true to systemd unit.

Reported by: stebalien | Owned by: intrigeri
Priority: Low | Milestone: Tor: 0.2.6.x-final
Component: Core Tor/Tor | Version:
Severity: | Keywords: systemd 025-backport
Cc: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:

Description

Please consider adding NoNewPrivileges=true to the systemd unit. This will prevent tor from gaining privileges (e.g. by executing setuid binaries).
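
What the requested setting does underneath, as an added example that is not part of the ticket or of Tor's code: systemd's NoNewPrivileges=true sets the kernel's no_new_privs flag through prctl(2), and this Linux-only C program sets the flag itself to show that it cannot be cleared again and is inherited by child processes. The helper function names are made up for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Set no_new_privs on the calling thread. Returns 0 on success. */
int set_no_new_privs(void) {
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
}

/* Returns 1 if the flag is set, 0 if not, -1 on error. */
int get_no_new_privs(void) {
    return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
}

/* Try to clear the flag. The kernel accepts only the value 1 and
 * answers EINVAL otherwise. Returns 1 if the attempt was rejected. */
int clear_is_rejected(void) {
    errno = 0;
    return prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0) == -1 && errno == EINVAL;
}

/* Fork a child and report whether it sees the flag set:
 * 1 = inherited, 0 = not inherited, -1 = fork/wait failure. */
int child_sees_flag(void) {
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(get_no_new_privs() == 1 ? 1 : 0);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    printf("before set:      %d\n", get_no_new_privs());
    if (set_no_new_privs() != 0) {
        perror("prctl(PR_SET_NO_NEW_PRIVS)");
        return 1;
    }
    printf("after set:       %d\n", get_no_new_privs());
    printf("clear rejected:  %d\n", clear_is_rejected());
    printf("child inherits:  %d\n", child_sees_flag());
    return 0;
}
```

With the flag set, execve() no longer honours setuid or setgid bits or file capabilities for the process or its descendants, which is the effect the description asks for.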

Change History (5)

comment:1 Changed 5 years ago by stebalien

Component: - Select a component → Tor
Keywords: systemd added

comment:2 Changed 5 years ago by nickm

Keywords: 025-backport added
Milestone: Tor: 0.2.6.x-final

Fine by me. Somebody who maintains systemd should write the correct patch for this;

comment:3 Changed 5 years ago by intrigeri

Owner: set to intrigeri
Status: new → assigned

I'm on it. I've been testing this setting as part of my work on #12751 for a month.

comment:4 Changed 5 years ago by intrigeri

Status: assigned → needs_review

Implemented in bug12939-systemd-no-new-privileges, same repo as usual.

comment:5 Changed 5 years ago by nickm

Resolution: implemented
Status: needs_review → closed

Sounds tested to me. Merged to master.
