authorNick Mathewson <nickm@torproject.org>2008-09-01 22:05:32 +0000
committerNick Mathewson <nickm@torproject.org>2008-09-01 22:05:32 +0000
commit6784c9e3140f7b9353fb6f2c48c0020752399ec1 (patch)
treeb45445cb39acdfd1bca7b74ad1e19aab0a3f8749
parent278a89d75a8b9d2b69373bc7e59dfdda996965cc (diff)
Backport r16450 to 0.2.0.x: open /dev/pf before dropping privileges.
svn:r16726
-rw-r--r--ChangeLog4
-rw-r--r--doc/TODO.0202
-rw-r--r--src/or/config.c10
-rw-r--r--src/or/connection_edge.c4
-rw-r--r--src/or/or.h4
5 files changed, 21 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index cae003ffc7..9c072952ea 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,6 +22,10 @@ Changes in version 0.2.0.31 - 2008-08-??
trying session resumption at this point, but apparently some
did, in ways that caused the handshake to fail. Bugfix on
0.2.0.20-rc. Bug found by Geoff Goodell.
+ - When using the TransPort option on OpenBSD, and using the User
+ option to change UID and drop privileges, make sure to open
+ /dev/pf before dropping privileges. Fixes bug 782. Patch from
+ Christopher Davis. Bugfix on 0.1.2.1-alpha.
Changes in version 0.2.0.30 - 2008-07-15
diff --git a/doc/TODO.020 b/doc/TODO.020
index 4aa3eb839b..d87db8c940 100644
--- a/doc/TODO.020
+++ b/doc/TODO.020
@@ -11,7 +11,7 @@ Backport for 0.2.0 once better tested:
o r15821: fix bug related to TLS session negotiation.
o r16136: prevent circid collision. [Also backport to 0.1.2.x??]
- r16143: generate stream close events from connection_edge_destroy().
- - r16450: open /dev/pf before dropping privileges.
+ o r16450: open /dev/pf before dropping privileges.
- r16605: relays reject risky extend cells.
- r16698: don't use a new entry guard that's also your exit.
diff --git a/src/or/config.c b/src/or/config.c
index 6c9004dbda..d63ff9fb03 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1022,6 +1022,16 @@ options_act_reversible(or_options_t *old_options, char **msg)
}
}
+#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
+ /* Open /dev/pf before dropping privileges. */
+ if (options->TransPort) {
+ if (get_pf_socket() < 0) {
+ *msg = tor_strdup("Unable to open /dev/pf for transparent proxy.");
+ goto rollback;
+ }
+ }
+#endif
+
/* Setuid/setgid as appropriate */
if (options->User || options->Group) {
/* XXXX021 We should only do this the first time through, not on
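Review bot: The guard on this call, `#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)`, is spelled out separately from the `#ifdef TRANS_PF` that wraps the definition of get_pf_socket() in connection_edge.c, and the or.h hunk repeats the same long form around the prototype. How TRANS_PF is derived is not visible on this page. If the two conditions ever differ in a build, this call either fails to link or is silently compiled out, and the second case would put the /dev/pf open back after the privilege drop without any warning. Defining the macro once in a shared header and using `#ifdef TRANS_PF` in all three places would keep the ordering fix tied to the code it protects. A short comment on why this must precede the setuid block would help too, e.g. `/* Must stay above the setuid/setgid step: /dev/pf cannot be opened once we are unprivileged. */`.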
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 64f8ceb9f4..2d555a499f 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -1636,11 +1636,11 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
#ifdef TRANS_PF
static int pf_socket = -1;
-static int
+int
get_pf_socket(void)
{
int pf;
- /* Ideally, this should be opened before dropping privs. */
+ /* This should be opened before dropping privs. */
if (pf_socket >= 0)
return pf_socket;
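Review bot: Because get_pf_socket() is now called before the setuid step, the /dev/pf descriptor cached in `pf_socket` stays open under the unprivileged user for the rest of the process's life. The open call itself is below this hunk, so its flags cannot be checked here. It is worth confirming that the device is opened with the least access the lookup needs and marked close-on-exec, so that child processes do not inherit it. The reworded comment could also say who establishes the ordering, e.g. `/* First call must happen before privileges are dropped (options_act_reversible() does this); later calls return the cached fd. */`.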
diff --git a/src/or/or.h b/src/or/or.h
index 6f7d92cabf..50f1b37baa 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2856,6 +2856,10 @@ typedef enum hostname_type_t {
} hostname_type_t;
hostname_type_t parse_extended_hostname(char *address);
+#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
+int get_pf_socket(void);
+#endif
+
/********************************* connection_or.c ***************************/
void connection_or_remove_from_identity_map(or_connection_t *conn);