RedXen/ansible-tor
RedXen
/
ansible-tor
Archived
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Disable highly-insecure options with the default service #1

New Issue
Closed
opened 2020-05-15 23:26:16 +00:00 by caskd · 1 comment
caskd commented 2020-05-15 23:26:16 +00:00
Owner
Copy Link

"Security options" my ass, the fuck are these options?

ReadOnlyDirectories=/
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH

These should not even be enabled by default considering that tor can drop priviledges in systemd and binds to 9050 by default, also why EVEN ALLOW FULL READ ON THE HOST ROOT SYSTEM, WHO THE FUCK WROTE THIS SHIT?

"Security options" my ass, the fuck are these options? ``` ReadOnlyDirectories=/ CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH ``` These should not even be enabled by default considering that tor can drop priviledges in systemd and binds to 9050 by default, also why EVEN ALLOW FULL READ ON THE HOST ROOT SYSTEM, WHO THE FUCK WROTE THIS SHIT?
caskd commented 2020-05-29 17:22:34 +00:00
Author
Owner
Copy Link

Nope, fuck this, not hosting anymore.

Nope, fuck this, not hosting anymore.
caskd closed this issue 2020-05-29 17:22:36 +00:00
This repo is archived. You cannot comment on issues.
No Branch/Tag Specified
Branches Tags
master
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: RedXen/ansible-tor#1
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?