Opened 8 years ago

Last modified 18 months ago

#6264 new enhancement

obfsproxy: Add support for dropping privileges and chrooting

Reported by: dazo Owned by:
Priority: Medium Milestone:
Component: Archived/Obfsproxy Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


[PATCH 1/2] Make obfsproxy drop privileges if requested

Added --user and --group arguments which will make obfsproxy drop privileges
and switch to the given user/group.

The code for droping privileges is shamelessly taken from the Tor project and
adopted to obfsproxy.  The switch_id() function in src/common/compat.c was used.

Signed-off-by: David Sommerseth <>
---   |    3 +
 src/external.c |   16 +++++++-
 src/main.c     |  120 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 src/managed.c  |   10 +++++
 4 files changed, 147 insertions(+), 2 deletions(-)

[PATCH 2/2] Added support for chrooting obfsproxy

This patch adds --chroot=<dir> which will chroot the process as soon
as possible.

For more info about chrooting, see this URL:

Signed-off-by: David Sommerseth <>
 src/main.c |   27 +++++++++++++++++++++++++--
 1 files changed, 25 insertions(+), 2 deletions(-)

Child Tickets

Attachments (2)

Change History (6)

comment:1 Changed 6 years ago by asn

The code here is for C-obfsproxy.
Would be nice to have for Python-obfsproxy.

comment:2 Changed 3 years ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

comment:3 Changed 19 months ago by teor

Owner: asn deleted
Status: newassigned

asn does not need to own any obfuscation tickets any more. Default owners are trouble.

comment:4 Changed 18 months ago by cohosh

Status: assignednew

tickets are unassigned, reverting to 'new'

Note: See TracTickets for help on using tickets.