r17664@tombo: nickm | 2008-08-06 12:32:09 -0400

Patch from Christopher Davis: open /dev/pf before dropping privileges.  Fixes bug 782.  Backport candidate.


svn:r16450

ChangeLog

@@ -7,6 +7,10 @@ Changes in version 0.2.1.5-alpha - 2008-08-??
   o Minor bugfixes:
     - Recover 3-7 bytes that were wasted per memory chunk.  Fixes bug
       794; bug spotted by rovv.  Bugfix on 0.2.0.1-alpha.
+    - When using the TransPort option on OpenBSD, and using the User
+      option to change UID and drop privileges, make sure to open
+      /dev/pf before dropping privileges.  Fixes bug 782.  Patch from
+      Christopher Davis.  Bugfix on 0.1.2.1-alpha.
 
 
 Changes in version 0.2.1.4-alpha - 2008-08-04

src/or/config.c

@@ -1059,6 +1059,16 @@ options_act_reversible(or_options_t *old_options, char **msg)
     }
   }
 
+#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
+  /* Open /dev/pf before dropping privileges. */
+  if (options->TransPort) {
+    if (get_pf_socket() < 0) {
+      *msg = tor_strdup("Unable to open /dev/pf for transparent proxy.");
+      goto rollback;
+    }
+  }
+#endif
+
   /* Setuid/setgid as appropriate */
   if (options->User || options->Group) {
     /* XXXX021 We should only do this the first time through, not on

src/or/connection_edge.c

@@ -1653,11 +1653,11 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
 
 #ifdef TRANS_PF
 static int pf_socket = -1;
-static int
+int
 get_pf_socket(void)
 {
   int pf;
-  /*  Ideally, this should be opened before dropping privs. */
+  /*  This should be opened before dropping privs. */
   if (pf_socket >= 0)
     return pf_socket;
 

src/or/or.h

@@ -2937,6 +2937,10 @@ typedef enum hostname_type_t {
 } hostname_type_t;
 hostname_type_t parse_extended_hostname(char *address);
 
+#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
+int get_pf_socket(void);
+#endif
+
 /********************************* connection_or.c ***************************/
 
 void connection_or_remove_from_identity_map(or_connection_t *conn);