summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2014-05-22 20:39:10 -0400
committerNick Mathewson <nickm@torproject.org>2014-05-22 20:39:10 -0400
commitcfd0ee514c279bc6c7b7c299e001693a5aeb1f5f (patch)
tree7d0c0b49612a79875133fbf509410875d5d3427b
parent85f49abfbe50d29e4314ed0a3b436f3b14162d00 (diff)
downloadtor-cfd0ee514c279bc6c7b7c299e001693a5aeb1f5f.tar.gz
tor-cfd0ee514c279bc6c7b7c299e001693a5aeb1f5f.zip
sandbox: allow reading of hidden service configuration files.
fixes part of 12064
-rw-r--r--changes/bug12064_part25
-rw-r--r--src/or/main.c11
-rw-r--r--src/or/rendservice.c25
-rw-r--r--src/or/rendservice.h1
4 files changed, 37 insertions, 5 deletions
diff --git a/changes/bug12064_part2 b/changes/bug12064_part2
new file mode 100644
index 0000000000..4fa86a641c
--- /dev/null
+++ b/changes/bug12064_part2
@@ -0,0 +1,5 @@
+ o Minor bugfixes (seccomp sandbox):
+ - Avoid warnings when running with sandboxing enabled at the same
+ time as cookie authentication, hidden services or directory
+ authority voting. Fixes part of 12064; bugfix on 0.2.5.1-alpha.
+
diff --git a/src/or/main.c b/src/or/main.c
index ba462dcc49..1c855d5279 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2829,13 +2829,14 @@ sandbox_init_filter(void)
);
{
- smartlist_t *logfiles = smartlist_new();
- tor_log_get_logfile_names(logfiles);
- SMARTLIST_FOREACH(logfiles, char *, logfile_name, {
+ smartlist_t *files = smartlist_new();
+ tor_log_get_logfile_names(files);
+ rend_services_add_filenames_to_list(files);
+ SMARTLIST_FOREACH(files, char *, file_name, {
/* steals reference */
- sandbox_cfg_allow_open_filename(&cfg, logfile_name);
+ sandbox_cfg_allow_open_filename(&cfg, file_name);
});
- smartlist_free(logfiles);
+ smartlist_free(files);
}
{
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 5a81d07856..631e2a0f2e 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -656,6 +656,31 @@ rend_service_load_all_keys(void)
return 0;
}
+/** Add to <b>lst</b> every filename used by <b>s</b>. */
+static void
+rend_service_add_filenames_to_list(smartlist_t *lst, const rend_service_t *s)
+{
+ tor_assert(lst);
+ tor_assert(s);
+ smartlist_add_asprintf(lst, "%s"PATH_SEPARATOR"private_key",
+ s->directory);
+ smartlist_add_asprintf(lst, "%s"PATH_SEPARATOR"hostname",
+ s->directory);
+ smartlist_add_asprintf(lst, "%s"PATH_SEPARATOR"client_keys",
+ s->directory);
+}
+
+/** Add to <b>lst</b> every filename used by a configured hidden service */
+void
+rend_services_add_filenames_to_list(smartlist_t *lst)
+{
+ if (!rend_service_list)
+ return;
+ SMARTLIST_FOREACH_BEGIN(rend_service_list, rend_service_t *, s) {
+ rend_service_add_filenames_to_list(lst, s);
+ } SMARTLIST_FOREACH_END(s);
+}
+
/** Load and/or generate private keys for the hidden service <b>s</b>,
* possibly including keys for client authorization. Return 0 on success, -1
* on failure. */
diff --git a/src/or/rendservice.h b/src/or/rendservice.h
index 4a810eb521..e8a953665b 100644
--- a/src/or/rendservice.h
+++ b/src/or/rendservice.h
@@ -71,6 +71,7 @@ struct rend_intro_cell_s {
int num_rend_services(void);
int rend_config_services(const or_options_t *options, int validate_only);
int rend_service_load_all_keys(void);
+void rend_services_add_filenames_to_list(smartlist_t *lst);
void rend_services_introduce(void);
void rend_consider_services_upload(time_t now);
void rend_hsdir_routers_changed(void);