First RelaxDirModeCheck implementation

author: Peter Palfrader <peter@palfrader.org> 2016-03-01 17:08:14 +0100
committer: Peter Palfrader <peter@palfrader.org> 2016-03-01 17:08:14 +0100
commit: 1ef7df551d8efc0a74536006c17bdaa3cbb0931d (patch)
tree: fcfbd01f83184691a22d72e0883c8cb001ca9f73 /src/common/util.c
parent: 9fc472e1a8a53a18dfbd5c9cde2f1c268c335e96 (diff)
download: tor-1ef7df551d8efc0a74536006c17bdaa3cbb0931d.tar.gz
tor-1ef7df551d8efc0a74536006c17bdaa3cbb0931d.zip
1 files changed, 6 insertions, 2 deletions
diff --git a/src/common/util.c b/src/common/util.c
index b4355115d1..ce15d529de 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -2063,7 +2063,6 @@ check_private_dir(const char *dirname, cpd_check_t check,
 
 #ifndef _WIN32
   int fd;
-  unsigned unwanted_bits = 0;
   const struct passwd *pw = NULL;
   uid_t running_uid;
   gid_t running_gid;
@@ -2197,12 +2196,17 @@ check_private_dir(const char *dirname, cpd_check_t check,
     close(fd);
     return -1;
   }
+  unsigned unwanted_bits = 0;
   if (check & (CPD_GROUP_OK|CPD_GROUP_READ)) {
     unwanted_bits = 0027;
   } else {
     unwanted_bits = 0077;
   }
-  if ((st.st_mode & unwanted_bits) != 0) {
+  unsigned check_bits_filter = ~0;
+  if (check & CPD_RELAX_DIRMODE_CHECK) {
+    check_bits_filter = 0022;
+  }
+  if ((st.st_mode & unwanted_bits & check_bits_filter) != 0) {
     unsigned new_mode;
     if (check & CPD_CHECK_MODE_ONLY) {
       log_warn(LD_FS, "Permissions on directory %s are too permissive.",
author	Peter Palfrader <peter@palfrader.org>	2016-03-01 17:08:14 +0100
committer	Peter Palfrader <peter@palfrader.org>	2016-03-01 17:08:14 +0100
commit	1ef7df551d8efc0a74536006c17bdaa3cbb0931d (patch)
tree	fcfbd01f83184691a22d72e0883c8cb001ca9f73 /src/common/util.c
parent	9fc472e1a8a53a18dfbd5c9cde2f1c268c335e96 (diff)
download	tor-1ef7df551d8efc0a74536006c17bdaa3cbb0931d.tar.gz tor-1ef7df551d8efc0a74536006c17bdaa3cbb0931d.zip