summaryrefslogtreecommitdiff
path: root/src/or/config.c
diff options
context:
space:
mode:
authorSebastian Hahn <sebastian@torproject.org>2011-12-08 09:19:09 +0100
committerNick Mathewson <nickm@torproject.org>2012-01-04 15:09:02 -0500
commit98959f63aca84e605fb98f10d943f2d28d627039 (patch)
tree7c43662044dfbf18dfc2b272c194be28947de96f /src/or/config.c
parent65420e4cb5edcd02b6f44462dcc5c3a7fa8bb2e9 (diff)
downloadtor-98959f63aca84e605fb98f10d943f2d28d627039.tar.gz
tor-98959f63aca84e605fb98f10d943f2d28d627039.zip
Disallow disabling DisableDebuggerAttachment on runnning Tor
Also, have tor_disable_debugger_attach() return a tristate of success/failure/don't-know-how , and only log appropriately.
Diffstat (limited to 'src/or/config.c')
-rw-r--r--src/or/config.c33
1 files changed, 27 insertions, 6 deletions
diff --git a/src/or/config.c b/src/or/config.c
index 740a9dbfd7..b118f30ace 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1326,12 +1326,26 @@ options_act(const or_options_t *old_options)
const int transition_affects_workers =
old_options && options_transition_affects_workers(old_options, options);
- /* disable ptrace and later, other basic debugging techniques */
- if (options->DisableDebuggerAttachment) {
- tor_disable_debugger_attach();
- } else {
- log_notice(LD_CONFIG,"Debugger attachment enabled "
- "for unprivileged users.");
+ /* disable ptrace and later, other basic debugging techniques */
+ {
+ /* Remember if we already disabled debugger attachment */
+ static int disabled_debugger_attach = 0;
+ /* Remember if we already warned about being configured not to disable
+ * debugger attachment */
+ static int warned_debugger_attach = 0;
+ if (options->DisableDebuggerAttachment && !disabled_debugger_attach) {
+ int ok = tor_disable_debugger_attach();
+ if (warned_debugger_attach && ok == 1) {
+ log_notice(LD_CONFIG, "Disabled attaching debuggers for unprivileged "
+ "users.");
+ }
+ disabled_debugger_attach = (ok == 1);
+ } else if (!options->DisableDebuggerAttachment &&
+ !warned_debugger_attach) {
+ log_notice(LD_CONFIG, "Not disabling debugger attaching for "
+ "unprivileged users.");
+ warned_debugger_attach = 1;
+ }
}
if (running_tor && !have_lockfile()) {
@@ -4170,6 +4184,13 @@ options_transition_allowed(const or_options_t *old,
return -1;
}
+ if (old->DisableDebuggerAttachment &&
+ !new_val->DisableDebuggerAttachment) {
+ *msg = tor_strdup("While Tor is running, disabling "
+ "DisableDebuggerAttachment is not allowed.");
+ return -1;
+ }
+
return 0;
}