mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2025-02-24 22:58:50 +01:00
Code Issues Projects Releases Wiki Activity

Permit filesystem group to be root

Browse source
This commit is contained in:
Jamie Nguyen 2015-11-13 14:17:02 +00:00 committed by Nick Mathewson
parent d68b7fd442
commit 08c7ceb5df
2 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
changes/bug17562-allow-root-group-read Normal file
View file

@ -0,0 +1,6 @@
o Minor bug fixes:
- If any directory created by Tor is marked as group readable, the
filesystem group is allowed to be either the default GID or the root
user. Allowing root to read the DataDirectory prevents the need for
CAP_READ_SEARCH when using systemd's CapabilityBoundingSet, or
dac_read_search when using SELinux.

2
src/common/util.c
View file

@ -2143,7 +2143,7 @@ check_private_dir(const char *dirname, cpd_check_t check,
return -1; return -1;
} }
if ( (check & (CPD_GROUP_OK|CPD_GROUP_READ)) if ( (check & (CPD_GROUP_OK|CPD_GROUP_READ))
&& (st.st_gid != running_gid) ) { && (st.st_gid != running_gid) && (st.st_gid != 0)) {
struct group *gr; struct group *gr;
char *process_groupname = NULL; char *process_groupname = NULL;
gr = getgrgid(running_gid); gr = getgrgid(running_gid);