author | Peter Palfrader <peter@palfrader.org> | 2016-03-01 17:08:14 +0100 |
---|---|---|
committer | Peter Palfrader <peter@palfrader.org> | 2016-03-01 17:08:14 +0100 |
commit | 1ef7df551d8efc0a74536006c17bdaa3cbb0931d (patch) | |
tree | fcfbd01f83184691a22d72e0883c8cb001ca9f73 /src/common | |
parent | 9fc472e1a8a53a18dfbd5c9cde2f1c268c335e96 (diff) | |
First RelaxDirModeCheck implementation
Diffstat (limited to 'src/common')
-rw-r--r-- | src/common/util.c | 8 | ||||
-rw-r--r-- | src/common/util.h | 13 |
2 files changed, 13 insertions, 8 deletions
diff --git a/src/common/util.c b/src/common/util.c
index b4355115d1..ce15d529de 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -2063,7 +2063,6 @@ check_private_dir(const char *dirname, cpd_check_t check,
 #ifndef _WIN32
 int fd;
- unsigned unwanted_bits = 0;
 const struct passwd *pw = NULL;
 uid_t running_uid;
 gid_t running_gid;
@@ -2197,12 +2196,17 @@ check_private_dir(const char *dirname, cpd_check_t check,
 close(fd);
 return -1;
 }
+ unsigned unwanted_bits = 0;
 if (check & (CPD_GROUP_OK|CPD_GROUP_READ)) {
 unwanted_bits = 0027;
 } else {
 unwanted_bits = 0077;
 }
- if ((st.st_mode & unwanted_bits) != 0) {
+ unsigned check_bits_filter = ~0;
+ if (check & CPD_RELAX_DIRMODE_CHECK) {
+ check_bits_filter = 0022;
+ }
+ if ((st.st_mode & unwanted_bits & check_bits_filter) != 0) {
 unsigned new_mode;
 if (check & CPD_CHECK_MODE_ONLY) {
 log_warn(LD_FS, "Permissions on directory %s are too permissive.",
diff --git a/src/common/util.h b/src/common/util.h
index 9657003105..ebcf88b32d 100644
--- a/src/common/util.h
+++ b/src/common/util.h
@@ -357,12 +357,13 @@ file_status_t file_status(const char *filename);
 /** Possible behaviors for check_private_dir() on encountering a nonexistent
 * directory; see that function's documentation for details. */
 typedef unsigned int cpd_check_t;
-#define CPD_NONE 0
-#define CPD_CREATE 1
-#define CPD_CHECK 2
-#define CPD_GROUP_OK 4
-#define CPD_GROUP_READ 8
-#define CPD_CHECK_MODE_ONLY 16
+#define CPD_NONE 0
+#define CPD_CREATE (1u << 0)
+#define CPD_CHECK (1u << 1)
+#define CPD_GROUP_OK (1u << 2)
+#define CPD_GROUP_READ (1u << 3)
+#define CPD_CHECK_MODE_ONLY (1u << 4)
+#define CPD_RELAX_DIRMODE_CHECK (1u << 5)
 int check_private_dir(const char *dirname, cpd_check_t check,
 const char *effective_user); |
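Review bot: In the second util.c hunk, `check_bits_filter = 0022;` narrows the test to the group/other write bits without saying so, which means that with CPD_RELAX_DIRMODE_CHECK a directory readable and searchable by group or other passes even when neither CPD_GROUP_OK nor CPD_GROUP_READ was requested. The octal constant should carry a comment such as `/* Relaxed: only refuse group- or world-writable directories; read/search bits are tolerated. */`. The branch body continues outside the hunk, so this is inferred, but the `new_mode` declaration suggests a repair path; if it clears `unwanted_bits` rather than `unwanted_bits & check_bits_filter`, a directory that trips the relaxed test would be tightened to the strict mode, which should be either documented or changed. `unsigned check_bits_filter = ~0u;` would also make the all-ones mask explicit instead of relying on converting `~0` from int.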
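Review bot: `CPD_RELAX_DIRMODE_CHECK` is introduced in the util.h hunk without any description. The comment above the typedef still speaks only of behaviour on a nonexistent directory and defers to check_private_dir()'s documentation, which neither util.c hunk touches. Because the flag weakens a permission check, it should state what is still enforced; I would add above the define `/** Only reject group- or world-writable directories; other group/other bits are not checked. */` and mention the flag in the function's doc comment as well.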