author | Nick Mathewson <nickm@torproject.org> | 2008-08-06 16:32:17 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2008-08-06 16:32:17 +0000 |
commit | 635f3c8aeef717d03a86117dfa81944fb6788bca (patch) | |
tree | e9a99b885c3f828119398d92388f1e808cdd06a9 /src | |
parent | 2905291af2c3719bdd482e8c6f59ec983fe0e827 (diff) | |
r17664@tombo: nickm | 2008-08-06 12:32:09 -0400
Patch from Christopher Davis: open /dev/pf before dropping privileges. Fixes bug 782. Backport candidate.
svn:r16450
Diffstat (limited to 'src')
-rw-r--r-- | src/or/config.c | 10 | ||||
-rw-r--r-- | src/or/connection_edge.c | 4 | ||||
-rw-r--r-- | src/or/or.h | 4 |
3 files changed, 16 insertions, 2 deletions
diff --git a/src/or/config.c b/src/or/config.c
index 201a621e64..0edea45bd2 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1059,6 +1059,16 @@ options_act_reversible(or_options_t *old_options, char **msg)
 }
 }
+#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
+ /* Open /dev/pf before dropping privileges. */
+ if (options->TransPort) {
+ if (get_pf_socket() < 0) {
+ *msg = tor_strdup("Unable to open /dev/pf for transparent proxy.");
+ goto rollback;
+ }
+ }
+#endif
+
 /* Setuid/setgid as appropriate */
 if (options->User || options->Group) {
 /* XXXX021 We should only do this the first time through, not on
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 123c011ff0..0746569a9f 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -1653,11 +1653,11 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
 #ifdef TRANS_PF
 static int pf_socket = -1;
-static int
+int
 get_pf_socket(void)
 {
 int pf;
- /* Ideally, this should be opened before dropping privs. */
+ /* This should be opened before dropping privs. */
 if (pf_socket >= 0) return pf_socket;
diff --git a/src/or/or.h b/src/or/or.h
index 40b9efae9b..61ae79712c 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2937,6 +2937,10 @@ typedef enum hostname_type_t {
 } hostname_type_t;
 hostname_type_t parse_extended_hostname(char *address);
+#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
+int get_pf_socket(void);
+#endif
+
 /********************************* connection_or.c ***************************/
 void connection_or_remove_from_identity_map(or_connection_t *conn); |
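Review bot: The guard on the new block in options_act_reversible() spells out `defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)`, and the or.h hunk repeats it for the prototype, while the definition of get_pf_socket() in connection_edge.c sits under `#ifdef TRANS_PF`. If TRANS_PF is derived from exactly those two macros the build is fine, but the three sites can drift apart and end in an undefined-symbol link failure, so I would guard all of them with the one macro (`#ifdef TRANS_PF`, assuming it is visible in config.c and or.h). The comment could also record why the ordering matters, e.g. `/* Open /dev/pf while we still have privileges; the descriptor is cached and reused after the setuid below. */`. Note that the open is attempted only when `options->TransPort` is set on this pass, so turning TransPort on in a later reload presumably reaches the open after privileges are gone; the function body continues outside the hunk, so confirm how that case is reported.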
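Review bot: get_pf_socket() becomes an exported function whose caller depends on call ordering, yet the definition carries no doc comment stating that contract; something like `/** Return the cached /dev/pf descriptor, opening it on first call; negative on failure. The first call must happen before privileges are dropped. */` above it would make the requirement explicit. Because the descriptor is now deliberately acquired with elevated privileges and held in `pf_socket` for the life of the process, the open call (outside this hunk) deserves a check that it requests the narrowest access mode the lookups need and that the descriptor is marked close-on-exec so no child process inherits it. The function body continues past the end of the hunk.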