diff options
| author | Steven Murdoch <Steven.Murdoch@cl.cam.ac.uk> | 2008-11-12 01:10:21 +0000 |
|---|---|---|
| committer | Steven Murdoch <Steven.Murdoch@cl.cam.ac.uk> | 2008-11-12 01:10:21 +0000 |
| commit | db94f36633ba0facf1dd1424a7adc60ed391868b (patch) | |
| tree | 350df5fb513264b5bcceb9caf1eda294cecdd4b5 /ChangeLog | |
| parent | 5fbba9fa3387c0b2f2fd53f0e0d766a3f02bcfb5 (diff) | |
| download | tor-db94f36633ba0facf1dd1424a7adc60ed391868b.tar.gz tor-db94f36633ba0facf1dd1424a7adc60ed391868b.zip | |
Backport of changesets 17200, 17201, 17203-17206, 17228, 17232, 17236: Patch from Jacob Appelbaum and me to make User option more robust, properly set supplementary groups, deprecated the Group option, and log more information on credential switching. Fixes bugs 848 and 857
svn:r17255
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 9 |
1 files changed, 9 insertions, 0 deletions
@@ -1,4 +1,13 @@ Changes in version 0.2.0.32 - 2008-??-?? + o Security fixes: + - The "User" and "Group" config options did not clear the + supplementary group entries for the Tor process. The "User" option + is now more robust, and we now set the groups to the specified + user's primary group. The "Group" option is now ignored. For more + detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL + in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum + and Steven Murdoch. Bugfix on 0.0.2pre14. Fixes bug 848 and 857. + o Major bugfixes: - Fix a DOS opportunity during the voting signature collection process at directory authorities. Spotted by rovv. Bugfix on 0.2.0.x. |