diff options
| author | Sebastian Hahn <sebastian@torproject.org> | 2011-12-08 09:19:09 +0100 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2012-01-04 15:09:02 -0500 |
| commit | 98959f63aca84e605fb98f10d943f2d28d627039 (patch) | |
| tree | 7c43662044dfbf18dfc2b272c194be28947de96f /src/common | |
| parent | 65420e4cb5edcd02b6f44462dcc5c3a7fa8bb2e9 (diff) | |
| download | tor-98959f63aca84e605fb98f10d943f2d28d627039.tar tor-98959f63aca84e605fb98f10d943f2d28d627039.tar.gz | |
Disallow disabling DisableDebuggerAttachment on runnning Tor
Also, have tor_disable_debugger_attach() return a tristate of
success/failure/don't-know-how , and only log appropriately.
Diffstat (limited to 'src/common')
| -rw-r--r-- | src/common/compat.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/common/compat.c b/src/common/compat.c index 27e006054..ff9d877cd 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -1542,8 +1542,8 @@ switch_id(const char *user) * CAP_SYS_PTRACE and so it is very likely that root will still be able to * attach to the Tor process. */ -/** Attempt to disable debugger attachment: return 0 on success, -1 on - * failure. */ +/** Attempt to disable debugger attachment: return 1 on success, -1 on + * failure, and 0 if we don't know how to try on this platform. */ int tor_disable_debugger_attach(void) { @@ -1568,11 +1568,12 @@ tor_disable_debugger_attach(void) // XXX: TODO - Mac OS X has dtrace and this may be disabled. // XXX: TODO - Windows probably has something similar - if (r == 0) { + if (r == 0 && attempted) { log_debug(LD_CONFIG,"Debugger attachment disabled for " "unprivileged users."); + return 1; } else if (attempted) { - log_warn(LD_CONFIG, "Unable to disable ptrace attach: %s", + log_warn(LD_CONFIG, "Unable to disable debugger attaching: %s", strerror(errno)); } return r; |