diff options
| author | Nick Mathewson <nickm@torproject.org> | 2014-05-14 13:53:14 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2014-05-14 13:53:14 -0400 |
| commit | 9b4ac986cbe8867c24c8e77654a4b7e75f870738 (patch) | |
| tree | a70f07445bda6a29d21a1cc8619b6cc748813919 /src/common | |
| parent | e12af2adb0919d0de6d6ba44462d9255f63fca5b (diff) | |
| download | tor-9b4ac986cbe8867c24c8e77654a4b7e75f870738.tar tor-9b4ac986cbe8867c24c8e77654a4b7e75f870738.tar.gz | |
Use tor_getpw{nam,uid} wrappers to fix bug 11946
When running with User set, we frequently try to look up our
information in the user database (e.g., /etc/passwd). The seccomp2
sandbox setup doesn't let us open /etc/passwd, and probably
shouldn't.
To fix this, we have a pair of wrappers for getpwnam and getpwuid.
When a real call to getpwnam or getpwuid fails, they fall back to a
cached value, if the uid/gid matches.
(Granting access to /etc/passwd isn't possible with the way we
handle opening files through the sandbox. It's not desirable either.)
Diffstat (limited to 'src/common')
| -rw-r--r-- | src/common/compat.c | 8 | ||||
| -rw-r--r-- | src/common/util.c | 10 |
2 files changed, 9 insertions, 9 deletions
diff --git a/src/common/compat.c b/src/common/compat.c index 9f31cceb0..65446b530 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -1792,7 +1792,7 @@ int switch_id(const char *user) { #ifndef _WIN32 - struct passwd *pw = NULL; + const struct passwd *pw = NULL; uid_t old_uid; gid_t old_gid; static int have_already_switched_id = 0; @@ -1813,7 +1813,7 @@ switch_id(const char *user) old_gid = getgid(); /* Lookup the user and group information, if we have a problem, bail out. */ - pw = getpwnam(user); + pw = tor_getpwnam(user); if (pw == NULL) { log_warn(LD_CONFIG, "Error setting configured user: %s not found", user); return -1; @@ -1984,10 +1984,10 @@ tor_disable_debugger_attach(void) char * get_user_homedir(const char *username) { - struct passwd *pw; + const struct passwd *pw; tor_assert(username); - if (!(pw = getpwnam(username))) { + if (!(pw = tor_getpwnam(username))) { log_err(LD_CONFIG,"User \"%s\" not found.", username); return NULL; } diff --git a/src/common/util.c b/src/common/util.c index d573b5624..d457ba970 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -1871,7 +1871,7 @@ check_private_dir(const char *dirname, cpd_check_t check, char *f; #ifndef _WIN32 int mask; - struct passwd *pw = NULL; + const struct passwd *pw = NULL; uid_t running_uid; gid_t running_gid; #else @@ -1918,7 +1918,7 @@ check_private_dir(const char *dirname, cpd_check_t check, if (effective_user) { /* Look up the user and group information. * If we have a problem, bail out. */ - pw = getpwnam(effective_user); + pw = tor_getpwnam(effective_user); if (pw == NULL) { log_warn(LD_CONFIG, "Error setting configured user: %s not found", effective_user); @@ -1932,13 +1932,13 @@ check_private_dir(const char *dirname, cpd_check_t check, } if (st.st_uid != running_uid) { - struct passwd *pw = NULL; + const struct passwd *pw = NULL; char *process_ownername = NULL; - pw = getpwuid(running_uid); + pw = tor_getpwuid(running_uid); process_ownername = pw ? tor_strdup(pw->pw_name) : tor_strdup("<unknown>"); - pw = getpwuid(st.st_uid); + pw = tor_getpwuid(st.st_uid); log_warn(LD_FS, "%s is not owned by this user (%s, %d) but by " "%s (%d). Perhaps you are running Tor as the wrong user?", |