Pre-check hidden-service-dir permissions/ownership

See ticket #13942 where Tor dies if you feed it a hidden service directory with the wrong owner via SETCONF.
author: meejah <meejah@meejah.ca> 2014-12-10 22:15:04 -0700
committer: meejah <meejah@meejah.ca> 2014-12-11 18:46:56 -0700
commit: 85bfad1875994dee84eab8fff49189ba2be0b532 (patch)
tree: bb85cb27d85ae7d80beccc26e6c894178f3a50c3
parent: b73a7600afd4b1f13ac985df27cb703bd3ad427d (diff)
download: tor-85bfad1875994dee84eab8fff49189ba2be0b532.tar.gz
tor-85bfad1875994dee84eab8fff49189ba2be0b532.zip
2 files changed, 15 insertions, 0 deletions
diff --git a/changes/bug13942 b/changes/bug13942
new file mode 100644
index 0000000000..c1247b6ac5
--- /dev/null
+++ b/changes/bug13942
@@ -0,0 +1,5 @@
+  o Minor bugfixes (hidden services):
+    - Pre-check directory permissions for new hidden-services to avoid
+      at least one case of "Bug: Acting on config options left us in a
+      broken state. Dying."
+
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 26e5659123..a354d9062c 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -531,6 +531,16 @@ rend_config_services(const or_options_t *options, int validate_only)
     }
   }
   if (service) {
+      cpd_check_t check_opts = CPD_CHECK_MODE_ONLY;
+      if (service->dir_group_readable) {
+          check_opts |= CPD_GROUP_READ;
+      }
+
+      if (check_private_dir(service->directory, check_opts, options->User) < 0) {
+          rend_service_free(service);
+          return -1;
+      }
+
     if (validate_only) {
       rend_service_free(service);
     } else {
author	meejah <meejah@meejah.ca>	2014-12-10 22:15:04 -0700
committer	meejah <meejah@meejah.ca>	2014-12-11 18:46:56 -0700
commit	85bfad1875994dee84eab8fff49189ba2be0b532 (patch)
tree	bb85cb27d85ae7d80beccc26e6c894178f3a50c3
parent	b73a7600afd4b1f13ac985df27cb703bd3ad427d (diff)
download	tor-85bfad1875994dee84eab8fff49189ba2be0b532.tar.gz tor-85bfad1875994dee84eab8fff49189ba2be0b532.zip