diff options
author | Sebastian Hahn <sebastian@torproject.org> | 2011-12-08 09:19:09 +0100 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2012-01-04 15:09:02 -0500 |
commit | 98959f63aca84e605fb98f10d943f2d28d627039 (patch) | |
tree | 7c43662044dfbf18dfc2b272c194be28947de96f /src/or/config.c | |
parent | 65420e4cb5edcd02b6f44462dcc5c3a7fa8bb2e9 (diff) | |
download | tor-98959f63aca84e605fb98f10d943f2d28d627039.tar.gz tor-98959f63aca84e605fb98f10d943f2d28d627039.zip |
Disallow disabling DisableDebuggerAttachment on runnning Tor
Also, have tor_disable_debugger_attach() return a tristate of
success/failure/don't-know-how , and only log appropriately.
Diffstat (limited to 'src/or/config.c')
-rw-r--r-- | src/or/config.c | 33 |
1 files changed, 27 insertions, 6 deletions
diff --git a/src/or/config.c b/src/or/config.c index 740a9dbfd7..b118f30ace 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -1326,12 +1326,26 @@ options_act(const or_options_t *old_options) const int transition_affects_workers = old_options && options_transition_affects_workers(old_options, options); - /* disable ptrace and later, other basic debugging techniques */ - if (options->DisableDebuggerAttachment) { - tor_disable_debugger_attach(); - } else { - log_notice(LD_CONFIG,"Debugger attachment enabled " - "for unprivileged users."); + /* disable ptrace and later, other basic debugging techniques */ + { + /* Remember if we already disabled debugger attachment */ + static int disabled_debugger_attach = 0; + /* Remember if we already warned about being configured not to disable + * debugger attachment */ + static int warned_debugger_attach = 0; + if (options->DisableDebuggerAttachment && !disabled_debugger_attach) { + int ok = tor_disable_debugger_attach(); + if (warned_debugger_attach && ok == 1) { + log_notice(LD_CONFIG, "Disabled attaching debuggers for unprivileged " + "users."); + } + disabled_debugger_attach = (ok == 1); + } else if (!options->DisableDebuggerAttachment && + !warned_debugger_attach) { + log_notice(LD_CONFIG, "Not disabling debugger attaching for " + "unprivileged users."); + warned_debugger_attach = 1; + } } if (running_tor && !have_lockfile()) { @@ -4170,6 +4184,13 @@ options_transition_allowed(const or_options_t *old, return -1; } + if (old->DisableDebuggerAttachment && + !new_val->DisableDebuggerAttachment) { + *msg = tor_strdup("While Tor is running, disabling " + "DisableDebuggerAttachment is not allowed."); + return -1; + } + return 0; } |