aboutsummaryrefslogtreecommitdiff
path: root/src/or
diff options
context:
space:
mode:
authorCristian Toader <cristian.matei.toader@gmail.com>2013-08-12 21:14:43 +0300
committerCristian Toader <cristian.matei.toader@gmail.com>2013-08-12 21:14:43 +0300
commit8a85a48b9d0ed2b298bcc26dfeb96fa7e31c05c4 (patch)
tree369ea3730d5b4a00ec81cf60486caebc7e59f2fe /src/or
parent44a4464cf6d4dac88c46b8ffdb6ad002d03ade62 (diff)
downloadtor-8a85a48b9d0ed2b298bcc26dfeb96fa7e31c05c4.tar.gz
tor-8a85a48b9d0ed2b298bcc26dfeb96fa7e31c05c4.zip
attempt to add stat64 filename filters; failed due to getaddrinfo..
Diffstat (limited to 'src/or')
-rw-r--r--src/or/config.c2
-rw-r--r--src/or/dns.c3
-rw-r--r--src/or/main.c13
3 files changed, 16 insertions, 2 deletions
diff --git a/src/or/config.c b/src/or/config.c
index e53c2888f1..e1b7b4e47f 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -6121,7 +6121,7 @@ remove_file_if_very_old(const char *fname, time_t now)
#define VERY_OLD_FILE_AGE (28*24*60*60)
struct stat st;
- if (stat(fname, &st)==0 && st.st_mtime < now-VERY_OLD_FILE_AGE) {
+ if (stat(sandbox_intern_string(fname), &st)==0 && st.st_mtime < now-VERY_OLD_FILE_AGE) {
char buf[ISO_TIME_LEN+1];
format_local_iso_time(buf, st.st_mtime);
log_notice(LD_GENERAL, "Obsolete file %s hasn't been modified since %s. "
diff --git a/src/or/dns.c b/src/or/dns.c
index edcf92e5b3..6dc0c05f9c 100644
--- a/src/or/dns.c
+++ b/src/or/dns.c
@@ -24,6 +24,7 @@
#include "relay.h"
#include "router.h"
#include "ht.h"
+#include "../common/sandbox.h"
#ifdef HAVE_EVENT2_DNS_H
#include <event2/event.h>
#include <event2/dns.h>
@@ -1477,7 +1478,7 @@ configure_nameservers(int force)
evdns_set_log_fn(evdns_log_cb);
if (conf_fname) {
- if (stat(conf_fname, &st)) {
+ if (stat(sandbox_intern_string(conf_fname), &st)) {
log_warn(LD_EXIT, "Unable to stat resolver configuration in '%s': %s",
conf_fname, strerror(errno));
goto err;
diff --git a/src/or/main.c b/src/or/main.c
index c236e8399d..a2fbe5f636 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2672,6 +2672,14 @@ sandbox_init_filter()
"/dev/urandom", 0
);
+ sandbox_cfg_allow_stat64_filename_array(&cfg, 5,
+ get_datadir_fname(NULL), 1,
+ get_datadir_fname("lock"), 1,
+ get_datadir_fname("state"), 1,
+ get_datadir_fname("router-stability"), 1,
+ get_datadir_fname("cached-extrainfo.new"), 1
+ );
+
// orport
if (server_mode(get_options())) {
sandbox_cfg_allow_open_filename_array(&cfg, 13,
@@ -2689,6 +2697,11 @@ sandbox_init_filter()
"/etc/resolv.conf", 0,
"/dev/random", 0
);
+
+ sandbox_cfg_allow_stat64_filename_array(&cfg, 2,
+ get_datadir_fname("keys"), 1,
+ get_datadir_fname("stats/dirreq-stats"), 1
+ );
}
sandbox_cfg_allow_execve(&cfg, "/usr/local/bin/tor");