mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2025-02-24 14:51:11 +01:00
Code Issues Projects Releases Wiki Activity

chown() sockets when User option is set

Browse source 
Fixes bug 3421
This commit is contained in:
Jérémy Bobbio 2011-09-07 18:51:24 +02:00 committed by Nick Mathewson
parent 5c53a0f867
commit 58a0afe30f
2 changed files with 28 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
changes/bug3421 Normal file
View file

@ -0,0 +1,6 @@
o Minor features:
- When starting as root and then changing our UID via the User
control option, if we are running with ControlSocket, make sure
that the ControlSocket is owned by the same account that Tor will
run under. Implements ticket 3421; fix by Jérémy Bobbio.

24
src/or/connection.c
View file

@ -40,6 +40,10 @@
#include <event2/event.h> #include <event2/event.h>
#endif #endif
#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
static connection_t *connection_create_listener( static connection_t *connection_create_listener(
const struct sockaddr *listensockaddr, const struct sockaddr *listensockaddr,
socklen_t listensocklen, int type, socklen_t listensocklen, int type,
@ -859,6 +863,10 @@ connection_create_listener(const struct sockaddr *listensockaddr,
listener_connection_t *lis_conn; listener_connection_t *lis_conn;
connection_t *conn; connection_t *conn;
tor_socket_t s; /* the socket we're going to make */ tor_socket_t s; /* the socket we're going to make */
or_options_t const *options = get_options();
#if defined(HAVE_PWD_H) && defined(HAVE_SYS_UN_H)
struct passwd *pw = NULL;
#endif
uint16_t usePort = 0, gotPort = 0; uint16_t usePort = 0, gotPort = 0;
int start_reading = 0; int start_reading = 0;
static int global_next_session_group = SESSION_GROUP_FIRST_AUTO; static int global_next_session_group = SESSION_GROUP_FIRST_AUTO;
@ -931,7 +939,7 @@ connection_create_listener(const struct sockaddr *listensockaddr,
* and listeners at the same time */ * and listeners at the same time */
tor_assert(type == CONN_TYPE_CONTROL_LISTENER); tor_assert(type == CONN_TYPE_CONTROL_LISTENER);
if (check_location_for_unix_socket(get_options(), address) < 0) if (check_location_for_unix_socket(options, address) < 0)
goto err; goto err;
log_notice(LD_NET, "Opening %s on %s", log_notice(LD_NET, "Opening %s on %s",
@ -955,7 +963,19 @@ connection_create_listener(const struct sockaddr *listensockaddr,
tor_socket_strerror(tor_socket_errno(s))); tor_socket_strerror(tor_socket_errno(s)));
goto err; goto err;
} }
if (get_options()->ControlSocketsGroupWritable) { #ifdef HAVE_PWD_H
if (options->User) {
pw = getpwnam(options->User);
if (pw == NULL) {
log_warn(LD_NET,"Unable to chown() %s socket: user %s not found.",
address, options->User);
} else if (chown(address, pw->pw_uid, pw->pw_gid) < 0) {
log_warn(LD_NET,"Unable to chown() %s socket: %s.", address, strerror(errno));
goto err;
}
}
#endif
if (options->ControlSocketsGroupWritable) {
/* We need to use chmod; fchmod doesn't work on sockets on all /* We need to use chmod; fchmod doesn't work on sockets on all
* platforms. */ * platforms. */
if (chmod(address, 0660) < 0) { if (chmod(address, 0660) < 0) {