authorNick Mathewson <nickm@torproject.org>2007-06-03 23:00:26 +0000
committerNick Mathewson <nickm@torproject.org>2007-06-03 23:00:26 +0000
commitd3ee41619cae00085f555e92ca0a94816a3f69e8 (patch)
tree64c07fbcb2a0d34c013113f3b0ad72fc8cfe9064
parent147e439c942175c7e2e576ed8bd6bcbb33c05fb9 (diff)
r13186@catbus: nickm | 2007-06-03 19:00:20 -0400
Bind ports before setuid/setgid. svn:r10473
-rw-r--r--ChangeLog7
-rw-r--r--doc/TODO2
-rw-r--r--src/or/config.c44
3 files changed, 32 insertions, 21 deletions
diff --git a/ChangeLog b/ChangeLog
index b277741a2d..d1fddeac28 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
Changes in version 0.2.0.3-alpha - 2007-??-??
- o Minor bugfixes ():
+ o Minor features:
+ - Create listener connections before we setuid to the configured User and
+ Group. This way, you can choose port values under 1024, start Tor as
+ root, and have Tor bind those ports before it changes to another UID.
+
+ o Minor bugfixes (dns):
- Fix a crash when DNSPort is set more than once. (Patch from Robert
Hogan.)
diff --git a/doc/TODO b/doc/TODO
index da171ef3a9..ca9b0aa063 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -246,7 +246,7 @@ Things we'd like to do in 0.2.0.x:
- Teach exit policies about ipv6 (consider ipv4/ipv6 interaction!)
- ...
- Let servers decide to support BEGIN_DIR but not DirPort.
- - Tor should bind its ports before dropping privs, so users don't
+ o Tor should bind its ports before dropping privs, so users don't
have to do the ipchains dance.
- Blocking-resistance.
- It would be potentially helpful to https requests on the OR port by
diff --git a/src/or/config.c b/src/or/config.c
index 5bd144de6d..2d0b29538e 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -804,11 +804,36 @@ options_act_reversible(or_options_t *old_options, char **msg)
int r = -1;
int logs_marked = 0;
+ /* Daemonize _first_, since we only want to open most of this stuff in
+ * the subprocess. */
if (running_tor && options->RunAsDaemon) {
/* No need to roll back, since you can't change the value. */
start_daemon();
}
+ /* We need to set the connection limit before we can open the listeners. */
+ options->_ConnLimit =
+ set_max_file_descriptors((unsigned)options->ConnLimit, MAXCONNECTIONS);
+ if (options->_ConnLimit < 0) {
+ *msg = tor_strdup("Problem with ConnLimit value. See logs for details.");
+ goto rollback;
+ }
+ set_conn_limit = 1;
+
+ /* Set up libevent. (We need to do this before we can register the
+ * listeners as listeners.) */
+ if (running_tor && !libevent_initialized) {
+ init_libevent();
+ libevent_initialized = 1;
+ }
+
+ /* Launch the listeners. (We do this before we setuid, so we can bind to
+ * ports under 1024.) */
+ if (retry_all_listeners(0, replaced_listeners, new_listeners) < 0) {
+ *msg = tor_strdup("Failed to bind one of the listener ports.");
+ goto rollback;
+ }
+
/* Setuid/setgid as appropriate */
if (options->User || options->Group) {
if (switch_id(options->User, options->Group) != 0) {
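Review bot: The ConnLimit and listener blocks added above the setuid step are no longer conditional on Tor actually running: in their old position (third hunk) they sat after `if (options->command != CMD_RUN_TOR) goto commit;`, whereas here only the daemonize and libevent steps test `running_tor`. If `running_tor` expresses that same condition (its definition is outside the hunk), other commands started as root would now raise the descriptor limit and bind the configured ports with full privileges before switch_id() runs. Wrapping both blocks in `if (running_tor) { ... }` would restore the old scoping while still binding before the privilege drop. The listener comment could also state that these sockets are opened with the starting UID and must be closed on the `rollback` path if switch_id() fails; options_act_reversible() begins and ends outside this hunk, so that path cannot be confirmed from here.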
@@ -819,12 +844,6 @@ options_act_reversible(or_options_t *old_options, char **msg)
}
}
- /* Set up libevent. */
- if (running_tor && !libevent_initialized) {
- init_libevent();
- libevent_initialized = 1;
- }
-
/* Ensure data directory is private; create if possible. */
if (check_private_dir(options->DataDirectory, CPD_CREATE)<0) {
char buf[1024];
@@ -841,19 +860,6 @@ options_act_reversible(or_options_t *old_options, char **msg)
if (options->command != CMD_RUN_TOR)
goto commit;
- options->_ConnLimit =
- set_max_file_descriptors((unsigned)options->ConnLimit, MAXCONNECTIONS);
- if (options->_ConnLimit < 0) {
- *msg = tor_strdup("Problem with ConnLimit value. See logs for details.");
- goto rollback;
- }
- set_conn_limit = 1;
-
- if (retry_all_listeners(0, replaced_listeners, new_listeners) < 0) {
- *msg = tor_strdup("Failed to bind one of the listener ports.");
- goto rollback;
- }
-
mark_logs_temp(); /* Close current logs once new logs are open. */
logs_marked = 1;
if (options_init_logs(options, 0)<0) { /* Configure the log(s) */