diff options
| author | Cristian Toader <cristian.matei.toader@gmail.com> | 2013-08-07 13:13:12 +0300 |
|---|---|---|
| committer | Cristian Toader <cristian.matei.toader@gmail.com> | 2013-08-07 13:13:12 +0300 |
| commit | b3a8c08a9217effb0065b9bc5769f18e120ca4d1 (patch) | |
| tree | 6d73de0a22c13b491e3351713e5460a4ddcda367 /src/or/main.c | |
| parent | a960e56c6818a2b1ae0173a0c6439a0c0f68d969 (diff) | |
| download | tor-b3a8c08a9217effb0065b9bc5769f18e120ca4d1.tar.gz tor-b3a8c08a9217effb0065b9bc5769f18e120ca4d1.zip | |
orport progress (not functional), nickm suggested fixes
Diffstat (limited to 'src/or/main.c')
| -rw-r--r-- | src/or/main.c | 49 |
1 files changed, 31 insertions, 18 deletions
diff --git a/src/or/main.c b/src/or/main.c index 3c9824677a..5b6b778ef5 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -2645,23 +2645,18 @@ sandbox_init_filter() sandbox_cfg_t *cfg = sandbox_cfg_new(); // TODO: mem leak - sandbox_cfg_allow_openat_filename(&cfg, - get_datadir_fname("cached-status")); + sandbox_cfg_allow_openat_filename(&cfg, get_datadir_fname("cached-status")); - sandbox_cfg_allow_open_filename(&cfg, - get_datadir_fname("cached-certs")); - sandbox_cfg_allow_open_filename(&cfg, - get_datadir_fname("cached-certs.tmp")); - sandbox_cfg_allow_open_filename(&cfg, - get_datadir_fname("cached-consensus")); + sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-certs")); + sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-certs.tmp")); + sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-consensus")); sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("unverified-consensus")); sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-microdesc-consensus")); sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-microdesc-consensus.tmp")); - sandbox_cfg_allow_open_filename(&cfg, - get_datadir_fname("cached-microdescs")); + sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-microdescs")); sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-microdescs.tmp")); sandbox_cfg_allow_open_filename(&cfg, @@ -2670,18 +2665,36 @@ sandbox_init_filter() get_datadir_fname("cached-microdescs.new.tmp")); sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("unverified-microdesc-consensus")); - sandbox_cfg_allow_open_filename(&cfg, - get_datadir_fname("cached-descriptors")); + sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-descriptors")); sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-descriptors.new")); - sandbox_cfg_allow_open_filename(&cfg, - get_datadir_fname("cached-extrainfo")); - sandbox_cfg_allow_open_filename(&cfg, - get_datadir_fname("state.tmp")); + sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-extrainfo")); + sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("state.tmp")); sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("unparseable-desc.tmp")); - sandbox_cfg_allow_open_filename(&cfg, - get_datadir_fname("unparseable-desc")); + sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("unparseable-desc")); + + // orport + if (server_mode(get_options())) { + sandbox_cfg_allow_open_filename(&cfg, + get_datadir_fname2("keys", "secret_id_key")); + sandbox_cfg_allow_open_filename(&cfg, + get_datadir_fname2("keys", "secret_onion_key")); + sandbox_cfg_allow_open_filename(&cfg, + get_datadir_fname2("keys", "secret_onion_key_ntor")); + sandbox_cfg_allow_open_filename(&cfg, + get_datadir_fname2("keys", "secret_id_key.old")); + sandbox_cfg_allow_open_filename(&cfg, + get_datadir_fname2("keys", "secret_onion_key.old")); + sandbox_cfg_allow_open_filename(&cfg, + get_datadir_fname2("keys", "secret_onion_key_ntor.old")); + sandbox_cfg_allow_open_filename(&cfg, + get_datadir_fname2("keys", "secret_onion_key.tmp")); + + sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("fingerprint")); + + sandbox_cfg_allow_open_filename(&cfg, "/etc/resolv.conf"); + } sandbox_cfg_allow_execve(&cfg, "/usr/local/bin/tor"); |