[Bug 218587] security/tor: transparent proxy doesn't work with default settings

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218587

            Bug ID: 218587
           Summary: security/tor: transparent proxy doesn't work with
                    default settings
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs at FreeBSD.org
          Reporter: xmj at FreeBSD.org
                CC: yuri at rawbw.com
                CC: yuri at rawbw.com
             Flags: maintainer-feedback?(yuri at rawbw.com)

Current default settings default to running tor as a transparent proxy, and
executing tor (via the rc.d script) as _tor:_tor.

This prevents tor from being able to open /dev/pf, and leads to failure

I know of two workarounds, and both of them are quite ugly:

1.
rc.conf values are changed such that
tor_user=root
tor_group=wheel
and corresponding /usr/local/etc/tor/torrc obtains an entry
User _tor,

or

2. /dev/pf ownership is changed (e.g. via devfs settings to be persistent) to
_tor:_tor.

The problem with 1) is that the rc.d script will modify ${tor_datadir} such
that it cannot be written to by the _tor user.

The problem with 2) is changing ownership of the firewall to an unprivileged
user.

-- 
You are receiving this mail because:
You are the assignee for the bug.