diff options
| author | Nick Mathewson <nickm@torproject.org> | 2017-08-09 10:42:37 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-08-09 10:45:48 -0400 |
| commit | eb43401bfb6d69db66d256582a99e63de7d222d8 (patch) | |
| tree | a3a27cd622b1d4797fa28bfe87d09d56401ba683 /src/or/config.c | |
| parent | 94352368db9045a9704c713dbbc0f41ecc511910 (diff) | |
| download | tor-eb43401bfb6d69db66d256582a99e63de7d222d8.tar.gz tor-eb43401bfb6d69db66d256582a99e63de7d222d8.zip | |
Add a 'NoExec' option that causes tor_spawn_background() to fail
Core of an implementation for 22976.
Diffstat (limited to 'src/or/config.c')
| -rw-r--r-- | src/or/config.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/or/config.c b/src/or/config.c index 9b6bf40ebf..16e4ded696 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -409,6 +409,7 @@ static config_var_t option_vars_[] = { OBSOLETE("PredictedPortsRelevanceTime"), OBSOLETE("WarnUnsafeSocks"), VAR("NodeFamily", LINELIST, NodeFamilies, NULL), + V(NoExec, BOOL, "0"), V(NumCPUs, UINT, "0"), V(NumDirectoryGuards, UINT, "0"), V(NumEntryGuards, UINT, "0"), @@ -1595,6 +1596,10 @@ options_act(const or_options_t *old_options) const int transition_affects_guards = old_options && options_transition_affects_guards(old_options, options); + if (options->NoExec) { + tor_disable_spawning_background_processes(); + } + /* disable ptrace and later, other basic debugging techniques */ { /* Remember if we already disabled debugger attachment */ @@ -4447,6 +4452,12 @@ options_transition_allowed(const or_options_t *old, return -1; } + if (old->NoExec && !new_val->NoExec) { + *msg = tor_strdup("While Tor is running, disabling " + "NoExec is not allowed."); + return -1; + } + if (sandbox_is_active()) { #define SB_NOCHANGE_STR(opt) \ do { \ |