Pre-check hidden-service-dir permissions/ownership

See ticket #13942 where Tor dies if you feed it a hidden service directory with the wrong owner via SETCONF.
2024-11-10 21:23:58 +01:00 · 2014-12-10 22:15:04 -07:00 · 2014-12-10 22:15:04 -07:00 · 85bfad1875
commit 85bfad1875
parent b73a7600af
2 changed files with 15 additions and 0 deletions
--- a/changes/bug13942
+++ b/changes/bug13942
@ -0,0 +1,5 @@
+  o Minor bugfixes (hidden services):
+    - Pre-check directory permissions for new hidden-services to avoid
+      at least one case of "Bug: Acting on config options left us in a
+      broken state. Dying."
+
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@ -531,6 +531,16 @@ rend_config_services(const or_options_t *options, int validate_only)
    }
  }
  if (service) {
+      cpd_check_t check_opts = CPD_CHECK_MODE_ONLY;
+      if (service->dir_group_readable) {
+          check_opts |= CPD_GROUP_READ;
+      }
+
+      if (check_private_dir(service->directory, check_opts, options->User) < 0) {
+          rend_service_free(service);
+          return -1;
+      }
+
    if (validate_only) {
      rend_service_free(service);
    } else {