aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Palfrader <weasel@debian.org>2024-06-07 19:29:52 +0200
committertrinity-1686a <trinity@deuxfleurs.fr>2024-06-07 19:38:10 +0200
commit48b354e038eeaa0c4879275b4a539d4d52d49b4a (patch)
treea912edb15cd308beb6a3abb223950e31d55f09db
parentc7514b96641f2be180238a78fea961c11e671663 (diff)
downloadtor-48b354e038eeaa0c4879275b4a539d4d52d49b4a.tar.gz
tor-48b354e038eeaa0c4879275b4a539d4d52d49b4a.zip
fix sandbox for bandwidth authority
Diffstat
-rw-r--r--changes/bug409333
-rw-r--r--src/app/main/main.c5
-rw-r--r--src/lib/fs/files.c3
3 files changed, 10 insertions, 1 deletions
diff --git a/changes/bug40933 b/changes/bug40933
new file mode 100644
index 0000000000..c4f9eb085f
--- /dev/null
+++ b/changes/bug40933
@@ -0,0 +1,3 @@
+ o Minor bugfixes (sandbox, bwauth):
+ - Fix sandbox to work for bandwidth authority. Fixes bug 40933; bugfix on
+ 0.2.2.1-alpha
diff --git a/src/app/main/main.c b/src/app/main/main.c
index a50a0aad6f..6d05bd1f5e 100644
--- a/src/app/main/main.c
+++ b/src/app/main/main.c
@@ -926,6 +926,11 @@ sandbox_init_filter(void)
OPEN_DATADIR("approved-routers");
OPEN_DATADIR_SUFFIX("my-consensus-microdesc", ".tmp");
OPEN_DATADIR_SUFFIX("my-consensus-ns", ".tmp");
+ if (options->V3BandwidthsFile) {
+ log_notice(LD_GENERAL, "Adding V3BandwidthsFile %s to sandboxing set.",
+ options->V3BandwidthsFile);
+ OPEN(options->V3BandwidthsFile);
+ }
}
if (options->ServerDNSResolvConfFile)
diff --git a/src/lib/fs/files.c b/src/lib/fs/files.c
index df59222913..914a8b8e72 100644
--- a/src/lib/fs/files.c
+++ b/src/lib/fs/files.c
@@ -85,7 +85,8 @@ tor_open_cloexec(const char *path, int flags, unsigned mode)
FILE *
tor_fopen_cloexec(const char *path, const char *mode)
{
- FILE *result = fopen(path, mode);
+ const char *p = sandbox_intern_string(path);
+ FILE *result = fopen(p, mode);
#ifdef FD_CLOEXEC
if (result != NULL) {
if (fcntl(fileno(result), F_SETFD, FD_CLOEXEC) == -1) {
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion