Opened 5 years ago

Last modified 3 years ago

#6264 new enhancement

obfsproxy: Add support for dropping privileges and chrooting

Reported by: dazo Owned by: asn
Priority: Medium Milestone:
Component: Obfuscation/Obfsproxy Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

[PATCH 1/2] Make obfsproxy drop privileges if requested

Added --user and --group arguments which will make obfsproxy drop privileges
and switch to the given user/group.

The code for droping privileges is shamelessly taken from the Tor project and
adopted to obfsproxy.  The switch_id() function in src/common/compat.c was used.

Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
---
 configure.ac   |    3 +
 src/external.c |   16 +++++++-
 src/main.c     |  120 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 src/managed.c  |   10 +++++
 4 files changed, 147 insertions(+), 2 deletions(-)


[PATCH 2/2] Added support for chrooting obfsproxy

This patch adds --chroot=<dir> which will chroot the process as soon
as possible.

For more info about chrooting, see this URL:
<http://www.unixwiz.net/techtips/chroot-practices.html>

Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
---
 src/main.c |   27 +++++++++++++++++++++++++--
 1 files changed, 25 insertions(+), 2 deletions(-)

Child Tickets

Attachments (2)

Change History (3)

comment:1 Changed 3 years ago by asn

The code here is for C-obfsproxy.
Would be nice to have for Python-obfsproxy.

Note: See TracTickets for help on using tickets.