Merge remote-tracking branch 'weasel/bug18458'

author: Nick Mathewson <nickm@torproject.org> 2016-03-15 09:18:24 -0400
committer: Nick Mathewson <nickm@torproject.org> 2016-03-15 09:18:24 -0400
commit: c9899ee64008b63cb9867115ac684590dd50f902 (patch)
tree: c888e23a31dea5caa5479c6ce152fb5169e6101f /src/common/util.c
parent: 4b02af452d12b35e58d3a8e5e7ef042970e26774 (diff)
parent: d8626d34e59ceb1a71b23646b9c1c1f4fec88638 (diff)
download: tor-c9899ee64008b63cb9867115ac684590dd50f902.tar.gz
tor-c9899ee64008b63cb9867115ac684590dd50f902.zip
1 files changed, 6 insertions, 2 deletions
diff --git a/src/common/util.c b/src/common/util.c
index e8be91f459..52b87f8209 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -2063,7 +2063,6 @@ check_private_dir(const char *dirname, cpd_check_t check,
 
 #ifndef _WIN32
   int fd;
-  unsigned unwanted_bits = 0;
   const struct passwd *pw = NULL;
   uid_t running_uid;
   gid_t running_gid;
@@ -2200,12 +2199,17 @@ check_private_dir(const char *dirname, cpd_check_t check,
     close(fd);
     return -1;
   }
+  unsigned unwanted_bits = 0;
   if (check & (CPD_GROUP_OK|CPD_GROUP_READ)) {
     unwanted_bits = 0027;
   } else {
     unwanted_bits = 0077;
   }
-  if ((st.st_mode & unwanted_bits) != 0) {
+  unsigned check_bits_filter = ~0;
+  if (check & CPD_RELAX_DIRMODE_CHECK) {
+    check_bits_filter = 0022;
+  }
+  if ((st.st_mode & unwanted_bits & check_bits_filter) != 0) {
     unsigned new_mode;
     if (check & CPD_CHECK_MODE_ONLY) {
       log_warn(LD_FS, "Permissions on directory %s are too permissive.",
author	Nick Mathewson <nickm@torproject.org>	2016-03-15 09:18:24 -0400
committer	Nick Mathewson <nickm@torproject.org>	2016-03-15 09:18:24 -0400
commit	c9899ee64008b63cb9867115ac684590dd50f902 (patch)
tree	c888e23a31dea5caa5479c6ce152fb5169e6101f /src/common/util.c
parent	4b02af452d12b35e58d3a8e5e7ef042970e26774 (diff)
parent	d8626d34e59ceb1a71b23646b9c1c1f4fec88638 (diff)
download	tor-c9899ee64008b63cb9867115ac684590dd50f902.tar.gz tor-c9899ee64008b63cb9867115ac684590dd50f902.zip