authorNick Mathewson <nickm@torproject.org>2011-06-14 12:25:33 -0400
committerNick Mathewson <nickm@torproject.org>2011-06-14 12:25:33 -0400
commit8839b86085dbb9ccf26165b6eae4d09462bc88b6 (patch)
tree4572f6b0c38136b3d631c8878b7108213627960e /src/common
parent910dadd6eab5b2b3af3b655f52b861085f379b84 (diff)
parent54d7d31cba84232b50fef4287951b2c4bfa746c2 (diff)
Merge remote-tracking branch 'origin/maint-0.2.2'
Diffstat (limited to 'src/common')
-rw-r--r--src/common/util.c33
-rw-r--r--src/common/util.h3
2 files changed, 28 insertions, 8 deletions
diff --git a/src/common/util.c b/src/common/util.c
index a5a6ea3e8b..629c33977b 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1678,15 +1678,20 @@ file_status(const char *fname)
* is group-readable, but in all cases we create the directory mode 0700.
* If CPD_CHECK_MODE_ONLY is set, then we don't alter the directory permissions
* if they are too permissive: we just return -1.
+ * When effective_user is not NULL, check permissions against the given user and
+ * its primary group.
*/
int
-check_private_dir(const char *dirname, cpd_check_t check)
+check_private_dir(const char *dirname, cpd_check_t check, const char *effective_user)
{
int r;
struct stat st;
char *f;
#ifndef MS_WINDOWS
int mask;
+ struct passwd *pw = NULL;
+ uid_t running_uid;
+ gid_t running_gid;
#endif
tor_assert(dirname);
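Review bot: The new `effective_user` argument is silently ignored on Windows builds, because the locals that hold its uid and gid are declared inside `#ifndef MS_WINDOWS` and the lookup in the next hunk sits under the same guard. The doc comment should say so and should also state the failure case, for example `* If effective_user cannot be resolved, return -1. On Windows, effective_user is ignored.` The definition's signature line also runs past 80 columns while the prototype in util.h wraps it; wrapping it the same way keeps the two consistent. The function body continues outside this hunk.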
@@ -1725,33 +1730,47 @@ check_private_dir(const char *dirname, cpd_check_t check)
return -1;
}
#ifndef MS_WINDOWS
- if (st.st_uid != getuid()) {
+ if (effective_user) {
+ /* Lookup the user and group information, if we have a problem, bail out. */
+ pw = getpwnam(effective_user);
+ if (pw == NULL) {
+ log_warn(LD_CONFIG, "Error setting configured user: %s not found", effective_user);
+ return -1;
+ }
+ running_uid = pw->pw_uid;
+ running_gid = pw->pw_gid;
+ } else {
+ running_uid = getuid();
+ running_gid = getgid();
+ }
+
+ if (st.st_uid != running_uid) {
struct passwd *pw = NULL;
char *process_ownername = NULL;
- pw = getpwuid(getuid());
+ pw = getpwuid(running_uid);
process_ownername = pw ? tor_strdup(pw->pw_name) : tor_strdup("<unknown>");
pw = getpwuid(st.st_uid);
log_warn(LD_FS, "%s is not owned by this user (%s, %d) but by "
"%s (%d). Perhaps you are running Tor as the wrong user?",
- dirname, process_ownername, (int)getuid(),
+ dirname, process_ownername, (int)running_uid,
pw ? pw->pw_name : "<unknown>", (int)st.st_uid);
tor_free(process_ownername);
return -1;
}
- if ((check & CPD_GROUP_OK) && st.st_gid != getgid()) {
+ if ((check & CPD_GROUP_OK) && st.st_gid != running_gid) {
struct group *gr;
char *process_groupname = NULL;
- gr = getgrgid(getgid());
+ gr = getgrgid(running_gid);
process_groupname = gr ? tor_strdup(gr->gr_name) : tor_strdup("<unknown>");
gr = getgrgid(st.st_gid);
log_warn(LD_FS, "%s is not owned by this group (%s, %d) but by group "
"%s (%d). Are you running Tor as the wrong user?",
- dirname, process_groupname, (int)getgid(),
+ dirname, process_groupname, (int)running_gid,
gr ? gr->gr_name : "<unknown>", (int)st.st_gid);
tor_free(process_groupname);
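Review bot: The inner `struct passwd *pw = NULL;` in the `st.st_uid != running_uid` branch now shadows the function-level `pw` added by this commit; dropping the inner declaration and reusing the outer variable avoids a `-Wshadow` warning and makes it clear which lookup result is live. The `getpwnam()` failure message says "Error setting configured user", but this function only checks ownership, so `"Error looking up configured user: %s not found"` would be less misleading to an operator reading the log. With `effective_user` set, the "not owned by this user ... Perhaps you are running Tor as the wrong user?" warning reports the configured account, not the account the process is running as, which deserves a short comment above the check. The function continues past the end of the hunk, so it cannot be seen here whether directory creation and the mode fix-up also take `effective_user` into account.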
diff --git a/src/common/util.h b/src/common/util.h
index 2974ab7538..6496c42db8 100644
--- a/src/common/util.h
+++ b/src/common/util.h
@@ -292,7 +292,8 @@ typedef unsigned int cpd_check_t;
#define CPD_CHECK 2
#define CPD_GROUP_OK 4
#define CPD_CHECK_MODE_ONLY 8
-int check_private_dir(const char *dirname, cpd_check_t check);
+int check_private_dir(const char *dirname, cpd_check_t check,
+ const char *effective_user);
#define OPEN_FLAGS_REPLACE (O_WRONLY|O_CREAT|O_TRUNC)
#define OPEN_FLAGS_APPEND (O_WRONLY|O_CREAT|O_APPEND)
typedef struct open_file_t open_file_t;