From 48b354e038eeaa0c4879275b4a539d4d52d49b4a Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Fri, 7 Jun 2024 19:29:52 +0200 Subject: [PATCH] fix sandbox for bandwidth authority --- changes/bug40933 | 3 +++ src/app/main/main.c | 5 +++++ src/lib/fs/files.c | 3 ++- 3 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 changes/bug40933 diff --git a/changes/bug40933 b/changes/bug40933 new file mode 100644 index 0000000000..c4f9eb085f --- /dev/null +++ b/changes/bug40933 @@ -0,0 +1,3 @@ + o Minor bugfixes (sandbox, bwauth): + - Fix sandbox to work for bandwidth authority. Fixes bug 40933; bugfix on + 0.2.2.1-alpha diff --git a/src/app/main/main.c b/src/app/main/main.c index a50a0aad6f..6d05bd1f5e 100644 --- a/src/app/main/main.c +++ b/src/app/main/main.c @@ -926,6 +926,11 @@ sandbox_init_filter(void) OPEN_DATADIR("approved-routers"); OPEN_DATADIR_SUFFIX("my-consensus-microdesc", ".tmp"); OPEN_DATADIR_SUFFIX("my-consensus-ns", ".tmp"); + if (options->V3BandwidthsFile) { + log_notice(LD_GENERAL, "Adding V3BandwidthsFile %s to sandboxing set.", + options->V3BandwidthsFile); + OPEN(options->V3BandwidthsFile); + } } if (options->ServerDNSResolvConfFile) diff --git a/src/lib/fs/files.c b/src/lib/fs/files.c index df59222913..914a8b8e72 100644 --- a/src/lib/fs/files.c +++ b/src/lib/fs/files.c @@ -85,7 +85,8 @@ tor_open_cloexec(const char *path, int flags, unsigned mode) FILE * tor_fopen_cloexec(const char *path, const char *mode) { - FILE *result = fopen(path, mode); + const char *p = sandbox_intern_string(path); + FILE *result = fopen(p, mode); #ifdef FD_CLOEXEC if (result != NULL) { if (fcntl(fileno(result), F_SETFD, FD_CLOEXEC) == -1) {