You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In order to properly enforce security of the tor2web proxy, it must run with a dedicated uid/gid and automatically chroot into it's own directory.
Implementing this kind of feature require taking care of:
fixing installation procedures
handling location and permission of configuration files, digital certificates and of log files
Twisted support by default chroot by command line, it must be evaluated whenever it's better to chroot by twistd command line or from within the application.
---
Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/14807251-security-enforcement-of-daemon-uid-gid-chroot?utm_campaign=plugin&utm_content=tracker%2F318575&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F318575&utm_medium=issues&utm_source=github).
The text was updated successfully, but these errors were encountered:
In order to properly enforce security of the tor2web proxy, it must run with a dedicated uid/gid and automatically chroot into it's own directory.
Implementing this kind of feature require taking care of:
Twisted support by default chroot by command line, it must be evaluated whenever it's better to chroot by twistd command line or from within the application.
Twisted support the following cmdline switch http://linux.die.net/man/1/twistd :
Chroot to a supplied directory before running (default: don't chroot). Chrooting is done before changing the current directory.
The uid to run as. (default: don't change)
The gid to run as. (default: don't change)
Some good info on that are available on http://www.tsheffler.com/blog/?p=526
--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/14807251-security-enforcement-of-daemon-uid-gid-chroot?utm_campaign=plugin&utm_content=tracker%2F318575&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F318575&utm_medium=issues&utm_source=github).The text was updated successfully, but these errors were encountered: