diff options
| author | Jérémy Bobbio <lunar@debian.org> | 2011-06-14 12:18:32 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2011-06-14 12:18:32 -0400 |
| commit | 54d7d31cba84232b50fef4287951b2c4bfa746c2 (patch) | |
| tree | 3edfea998d447846a8e5cf14b850d38eb0da7450 /src/common/util.h | |
| parent | f30327449009a7f00b0f5c2bd09a7eff615df3dd (diff) | |
| download | tor-54d7d31cba84232b50fef4287951b2c4bfa746c2.tar tor-54d7d31cba84232b50fef4287951b2c4bfa746c2.tar.gz | |
Make ControlSocketsGroupWritable work with User.
Original message from bug3393:
check_private_dir() to ensure that ControlSocketsGroupWritable is
safe to use. Unfortunately, check_private_dir() only checks against
the currently running user… which can be root until privileges are
dropped to the user and group configured by the User config option.
The attached patch fixes the issue by adding a new effective_user
argument to check_private_dir() and updating the callers. It might
not be the best way to fix the issue, but it did in my tests.
(Code by lunar; changelog by nickm)
Diffstat (limited to 'src/common/util.h')
| -rw-r--r-- | src/common/util.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/common/util.h b/src/common/util.h index d657db674..b9db25ca7 100644 --- a/src/common/util.h +++ b/src/common/util.h @@ -292,7 +292,8 @@ typedef unsigned int cpd_check_t; #define CPD_CHECK 2 #define CPD_GROUP_OK 4 #define CPD_CHECK_MODE_ONLY 8 -int check_private_dir(const char *dirname, cpd_check_t check); +int check_private_dir(const char *dirname, cpd_check_t check, + const char *effective_user); #define OPEN_FLAGS_REPLACE (O_WRONLY|O_CREAT|O_TRUNC) #define OPEN_FLAGS_APPEND (O_WRONLY|O_CREAT|O_APPEND) typedef struct open_file_t open_file_t; |