From d41ac64ad68811d8575db6e456fba470b0c3fde7 Mon Sep 17 00:00:00 2001 From: Jérémy Bobbio Date: Sat, 23 Apr 2011 02:35:02 +0200 Subject: Add UnixSocketsGroupWritable config flag When running a system-wide instance of Tor on Unix-like systems, having a ControlSocket is a quite handy mechanism to access Tor control channel. But it would be easier if access to the Unix domain socket can be granted by making control users members of the group running the Tor process. This change introduces a UnixSocketsGroupWritable option, which will create Unix domain sockets (and thus ControlSocket) 'g+rw'. This allows ControlSocket to offer same access control measures than ControlPort+CookieAuthFileGroupReadable. See for more details. --- doc/tor.1.txt | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'doc') diff --git a/doc/tor.1.txt b/doc/tor.1.txt index d95d764c6..d0d0c2f7c 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -167,6 +167,11 @@ Other options can be specified either on the command-line (--option Like ControlPort, but listens on a Unix domain socket, rather than a TCP socket. (Unix and Unix-like systems only.) +**UnixSocketsGroupWritable** **0**|**1**:: + If this option is set to 0, don't allow the filesystem group to read and + write unix sockets (e.g. ControlSocket). If the option is set to 1, make + the control socket readable and writable by the default GID. (Default: 0) + **HashedControlPassword** __hashed_password__:: Don't allow any connections on the control port except when the other process knows the password whose one-way hash is __hashed_password__. You -- cgit v1.2.3 From 4198261291c8edbd5ba1617b7bfe3563e51edbe7 Mon Sep 17 00:00:00 2001 From: Sebastian Hahn Date: Sat, 23 Apr 2011 02:57:53 +0200 Subject: Clean up the 2972 implementation a little --- changes/bug2972 | 5 +++++ doc/tor.1.txt | 2 +- src/or/config.c | 14 ++++++++++---- src/or/connection.c | 4 ++-- src/or/or.h | 2 +- 5 files changed, 19 insertions(+), 8 deletions(-) create mode 100644 changes/bug2972 (limited to 'doc') diff --git a/changes/bug2972 b/changes/bug2972 new file mode 100644 index 000000000..26afcca42 --- /dev/null +++ b/changes/bug2972 @@ -0,0 +1,5 @@ + o Minor features: + - Allow ControlSockets to be group-writable when the + ControlSocksGroupWritable configuration option is turned on. Patch + by Jérémy Bobbio; implements ticket 2972. + diff --git a/doc/tor.1.txt b/doc/tor.1.txt index d0d0c2f7c..1815a8d96 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -167,7 +167,7 @@ Other options can be specified either on the command-line (--option Like ControlPort, but listens on a Unix domain socket, rather than a TCP socket. (Unix and Unix-like systems only.) -**UnixSocketsGroupWritable** **0**|**1**:: +**ControlSocketsGroupWritable** **0**|**1**:: If this option is set to 0, don't allow the filesystem group to read and write unix sockets (e.g. ControlSocket). If the option is set to 1, make the control socket readable and writable by the default GID. (Default: 0) diff --git a/src/or/config.c b/src/or/config.c index c81fc9c59..614fc48c3 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -209,7 +209,7 @@ static config_var_t _option_vars[] = { V(ControlPortFileGroupReadable,BOOL, "0"), V(ControlPortWriteToFile, FILENAME, NULL), V(ControlSocket, LINELIST, NULL), - V(UnixSocketsGroupWritable, BOOL, "0"), + V(ControlSocketsGroupWritable, BOOL, "0"), V(CookieAuthentication, BOOL, "0"), V(CookieAuthFileGroupReadable, BOOL, "0"), V(CookieAuthFile, STRING, NULL), @@ -953,9 +953,15 @@ options_act_reversible(or_options_t *old_options, char **msg) } #ifndef HAVE_SYS_UN_H - if (options->ControlSocket || options->UnixSocketsGroupWritable) { - *msg = tor_strdup("Unix domain sockets (ControlSocket) not supported" - " on this OS/with this build."); + if (options->ControlSocket || options->ControlSocketsGroupWritable) { + *msg = tor_strdup("Unix domain sockets (ControlSocket) not supported " + "on this OS/with this build."); + goto rollback; + } +#else + if (options->ControlSocketsGroupWritable && !options->ControlSocket) { + *msg = tor_strdup("Setting ControlSocketGroupWritable without setting" + "a ControlSocket makes no sense."); goto rollback; } #endif diff --git a/src/or/connection.c b/src/or/connection.c index d0898c5e5..12e00e59b 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -966,9 +966,9 @@ connection_create_listener(const struct sockaddr *listensockaddr, tor_socket_strerror(tor_socket_errno(s))); goto err; } - if (get_options()->UnixSocketsGroupWritable) { + if (get_options()->ControlSocketsGroupWritable) { if (chmod(address, 0660) < 0) { - log_warn(LD_FS,"Unable to make %s group-readable.", address); + log_warn(LD_FS,"Unable to make %s group-writable.", address); tor_close_socket(s); goto err; } diff --git a/src/or/or.h b/src/or/or.h index b72693f02..b9d8319ba 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2445,7 +2445,7 @@ typedef struct { int ControlPort; /**< Port to listen on for control connections. */ config_line_t *ControlSocket; /**< List of Unix Domain Sockets to listen on * for control connections. */ - int UnixSocketsGroupWritable; /**< Boolean: Are unix sockets g+rw? */ + int ControlSocketsGroupWritable; /**< Boolean: Are control sockets g+rw? */ int DirPort; /**< Port to listen on for directory connections. */ int DNSPort; /**< Port to listen on for DNS requests. */ int AssumeReachable; /**< Whether to publish our descriptor regardless. */ -- cgit v1.2.3