author | David Stainton <dstainton415@gmail.com> | 2014-08-29 18:58:56 +0000 |
---|---|---|
committer | meejah <meejah@meejah.ca> | 2014-08-30 15:23:05 -0600 |
commit | 6b9016fe3c4dd814bee07e4439efcb6aca4efc43 (patch) | |
tree | 13fc8d96fad2788ec602156bf21a592e58e08ecb /src/common/util.c | |
parent | 227b65924b557b30855f659360a8547e352c1ec6 (diff) | |
Correct check_private_dir's dir mode
This commit attempts to satisfy nickm's comment on check_private_dir() permissions:
https://trac.torproject.org/projects/tor/ticket/11291#comment:12
"""check_private_dir() ensures that the directory has bits 0700 if CPD_CHECK_MODE_ONLY is not set. Shouldn't it also ensure that the directory has bits 0050 if CPD_CHECK_MODE_ONLY is not set, and CPD_GROUP_READ is set?"""
Diffstat (limited to 'src/common/util.c')
-rw-r--r-- | src/common/util.c | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/src/common/util.c b/src/common/util.c
index 0865fe7c7f..0323264494 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1888,7 +1888,6 @@ check_private_dir(const char *dirname, cpd_check_t check,
 struct stat st;
 char *f;
 #ifndef _WIN32
- int mask;
 const struct passwd *pw = NULL;
 uid_t running_uid;
 gid_t running_gid;
@@ -1986,22 +1985,20 @@ check_private_dir(const char *dirname, cpd_check_t check,
 tor_free(process_groupname);
 return -1;
 }
- if (check & (CPD_GROUP_OK|CPD_GROUP_READ)) {
- mask = 0027;
- } else {
- mask = 0077;
- }
- if (st.st_mode & mask) {
- unsigned new_mode;
- if (check & CPD_CHECK_MODE_ONLY) {
+ if (check & CPD_CHECK_MODE_ONLY) {
+ if (st.st_mode & 0077) {
 log_warn(LD_FS, "Permissions on directory %s are too permissive.",
 dirname);
 return -1;
 }
+ } else {
 log_warn(LD_FS, "Fixing permissions on directory %s", dirname);
- new_mode = st.st_mode;
- new_mode |= 0700; /* Owner should have rwx */
- new_mode &= ~mask; /* Clear the other bits that we didn't want set...*/
+ unsigned new_mode;
+ if (check & CPD_GROUP_READ) {
+ new_mode = 0750;
+ } else {
+ new_mode = 0700;
+ }
 if (chmod(dirname, new_mode)) {
 log_warn(LD_FS, "Could not chmod directory %s: %s", dirname,
 strerror(errno));
@@ -2010,6 +2007,7 @@ check_private_dir(const char *dirname, cpd_check_t check,
 return 0;
 }
 }
+
 #endif
 return 0;
 } |
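Review bot: In the second hunk's new `else` branch the "Fixing permissions" warning and `chmod()` now run on every call made without `CPD_CHECK_MODE_ONLY`, even when the directory already has the wanted mode, because the old `if (st.st_mode & mask)` guard was removed rather than replaced. That turns the warning into routine noise, so a run where the permissions really had drifted no longer stands out in the log. The check-only branch also hard-codes `0077`, so a caller combining `CPD_CHECK_MODE_ONLY` with `CPD_GROUP_OK` or `CPD_GROUP_READ` is now refused for a group-readable directory that the removed `0027` mask accepted. I would keep the group-aware mask in the check-only test and compare the current permission bits with the target before warning and calling chmod, as sketched below. Whether `CPD_GROUP_OK` alone should still leave existing group bits untouched in the fix path is not visible here and needs confirming against the callers; check_private_dir() starts and ends outside this hunk.

```c
  if (check & CPD_CHECK_MODE_ONLY) {
    /* Tolerate group r-x only when the caller asked for it. */
    if (st.st_mode & ((check & (CPD_GROUP_OK|CPD_GROUP_READ)) ? 0027 : 0077)) {
      /* … unchanged: "too permissive" warning and return -1 … */
    }
  } else {
    unsigned new_mode = (check & CPD_GROUP_READ) ? 0750 : 0700;
    /* Only warn and chmod when the directory is not already at the target. */
    if ((st.st_mode & 0777) != new_mode) {
      log_warn(LD_FS, "Fixing permissions on directory %s", dirname);
      /* … unchanged: chmod(dirname, new_mode) and its error handling … */
    }
  }
```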