attempt to add stat64 filename filters; failed due to getaddrinfo..

author: Cristian Toader <cristian.matei.toader@gmail.com> 2013-08-12 21:14:43 +0300
committer: Cristian Toader <cristian.matei.toader@gmail.com> 2013-08-12 21:14:43 +0300
commit: 8a85a48b9d0ed2b298bcc26dfeb96fa7e31c05c4 (patch)
tree: 369ea3730d5b4a00ec81cf60486caebc7e59f2fe /src/or
parent: 44a4464cf6d4dac88c46b8ffdb6ad002d03ade62 (diff)
download: tor-8a85a48b9d0ed2b298bcc26dfeb96fa7e31c05c4.tar
tor-8a85a48b9d0ed2b298bcc26dfeb96fa7e31c05c4.tar.gz
3 files changed, 16 insertions, 2 deletions
diff --git a/src/or/config.c b/src/or/config.c
index e53c2888f..e1b7b4e47 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -6121,7 +6121,7 @@ remove_file_if_very_old(const char *fname, time_t now)
 #define VERY_OLD_FILE_AGE (28*24*60*60)
   struct stat st;
 
-  if (stat(fname, &st)==0 && st.st_mtime < now-VERY_OLD_FILE_AGE) {
+  if (stat(sandbox_intern_string(fname), &st)==0 && st.st_mtime < now-VERY_OLD_FILE_AGE) {
     char buf[ISO_TIME_LEN+1];
     format_local_iso_time(buf, st.st_mtime);
     log_notice(LD_GENERAL, "Obsolete file %s hasn't been modified since %s. "
diff --git a/src/or/dns.c b/src/or/dns.c
index edcf92e5b..6dc0c05f9 100644
--- a/src/or/dns.c
+++ b/src/or/dns.c
@@ -24,6 +24,7 @@
 #include "relay.h"
 #include "router.h"
 #include "ht.h"
+#include "../common/sandbox.h"
 #ifdef HAVE_EVENT2_DNS_H
 #include <event2/event.h>
 #include <event2/dns.h>
@@ -1477,7 +1478,7 @@ configure_nameservers(int force)
 
   evdns_set_log_fn(evdns_log_cb);
   if (conf_fname) {
-    if (stat(conf_fname, &st)) {
+    if (stat(sandbox_intern_string(conf_fname), &st)) {
       log_warn(LD_EXIT, "Unable to stat resolver configuration in '%s': %s",
                conf_fname, strerror(errno));
       goto err;
diff --git a/src/or/main.c b/src/or/main.c
index c236e8399..a2fbe5f63 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2672,6 +2672,14 @@ sandbox_init_filter()
       "/dev/urandom", 0
   );
 
+  sandbox_cfg_allow_stat64_filename_array(&cfg, 5,
+      get_datadir_fname(NULL), 1,
+      get_datadir_fname("lock"), 1,
+      get_datadir_fname("state"), 1,
+      get_datadir_fname("router-stability"), 1,
+      get_datadir_fname("cached-extrainfo.new"), 1
+  );
+
   // orport
   if (server_mode(get_options())) {
     sandbox_cfg_allow_open_filename_array(&cfg, 13,
@@ -2689,6 +2697,11 @@ sandbox_init_filter()
         "/etc/resolv.conf", 0,
         "/dev/random", 0
     );
+
+    sandbox_cfg_allow_stat64_filename_array(&cfg, 2,
+        get_datadir_fname("keys"), 1,
+        get_datadir_fname("stats/dirreq-stats"), 1
+    );
   }
 
   sandbox_cfg_allow_execve(&cfg, "/usr/local/bin/tor");
author	Cristian Toader <cristian.matei.toader@gmail.com>	2013-08-12 21:14:43 +0300
committer	Cristian Toader <cristian.matei.toader@gmail.com>	2013-08-12 21:14:43 +0300
commit	8a85a48b9d0ed2b298bcc26dfeb96fa7e31c05c4 (patch)
tree	369ea3730d5b4a00ec81cf60486caebc7e59f2fe /src/or
parent	44a4464cf6d4dac88c46b8ffdb6ad002d03ade62 (diff)
download	tor-8a85a48b9d0ed2b298bcc26dfeb96fa7e31c05c4.tar tor-8a85a48b9d0ed2b298bcc26dfeb96fa7e31c05c4.tar.gz