Current default settings default to running tor as a transparent proxy, and executing tor (via the rc.d script) as _tor:_tor. This prevents tor from being able to open /dev/pf, and leads to failure I know of two workarounds, and both of them are quite ugly: 1. rc.conf values are changed such that tor_user=root tor_group=wheel and corresponding /usr/local/etc/tor/torrc obtains an entry User _tor, or 2. /dev/pf ownership is changed (e.g. via devfs settings to be persistent) to _tor:_tor. The problem with 1) is that the rc.d script will modify ${tor_datadir} such that it cannot be written to by the _tor user. The problem with 2) is changing ownership of the firewall to an unprivileged user.
Does 1. actually work for you (with modified rc script)? Starting as root and changing to _tor:_tor later seems like a solution.
Sure does
Can you move this forward please?
Sorry for the delay. I will move this once previous patches are committed, bug#219246, in order to avoid conflicts. Regards, Yuri
(In reply to Yuri Victorovich from comment #4) Any progress?
Created attachment 183502 [details] patch Implemented setuid feature. The user should add tor_setuid=YES to /etc/rc.conf to make tor do setuid in runtime after opening the externally provided files.
A commit references this bug: Author: joneum Date: Sat Jun 17 10:54:54 UTC 2017 New revision: 443770 URL: https://svnweb.freebsd.org/changeset/ports/443770 Log: - security/tor: Implemented setuid feature *The user should add tor_setuid=YES to /etc/rc.conf to make tor do setuid in runtime after opening the externally provided files. PR: 218587 Submitted by: xmj Approved by: Yuri Victorovich <yuri at rawbw.com> (maintainer) Approved by: miwi (mentor) Differential Revision: https://reviews.freebsd.org/D11223 Changes: head/security/tor/Makefile head/security/tor/files/tor.in
Committed, thanks :-)