nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 13:13:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'bug26913_033'

Browse Source
This commit is contained in:
Nick Mathewson 2018-09-24 11:17:09 -04:00
commit 9767cf8cc0
3 changed files with 30 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
changes/ticket26913 Normal file
View File

@ -0,0 +1,7 @@
o Minor bugfixes (directory permissions):
- When a user requests a group-readable DataDirectory, give it to
them. Previously, when the DataDirectory and the CacheDirectory
were the same, the default setting (0) for
CacheDirectoryGroupReadable would always override the setting for
DataDirectoryGroupReadable. Fixes bug 26913; bugfix on
0.3.3.1-alpha.

6
doc/tor.1.txt
View File

@ -433,10 +433,12 @@ GENERAL OPTIONS
running. running.
(Default: uses the value of DataDirectory.) (Default: uses the value of DataDirectory.)
[[CacheDirectoryGroupReadable]] **CacheDirectoryGroupReadable** **0**|**1**:: [[CacheDirectoryGroupReadable]] **CacheDirectoryGroupReadable** **0**|**1**|**auto**::
If this option is set to 0, don't allow the filesystem group to read the If this option is set to 0, don't allow the filesystem group to read the
CacheDirectory. If the option is set to 1, make the CacheDirectory readable CacheDirectory. If the option is set to 1, make the CacheDirectory readable
by the default GID. (Default: 0) by the default GID. If the option is "auto", then we use the
setting for DataDirectoryGroupReadable when the CacheDirectory is the
same as the DataDirectory, and 0 otherwise. (Default: auto)
[[FallbackDir]] **FallbackDir** __ipv4address__:__port__ orport=__port__ id=__fingerprint__ [weight=__num__] [ipv6=**[**__ipv6address__**]**:__orport__]:: [[FallbackDir]] **FallbackDir** __ipv4address__:__port__ orport=__port__ id=__fingerprint__ [weight=__num__] [ipv6=**[**__ipv6address__**]**:__orport__]::
When we're unable to connect to any directory cache for directory info When we're unable to connect to any directory cache for directory info

21
src/app/config/config.c
View File

@ -319,7 +319,7 @@ static config_var_t option_vars_[] = {
V(BridgeRelay, BOOL, "0"), V(BridgeRelay, BOOL, "0"),
V(BridgeDistribution, STRING, NULL), V(BridgeDistribution, STRING, NULL),
VAR("CacheDirectory", FILENAME, CacheDirectory_option, NULL), VAR("CacheDirectory", FILENAME, CacheDirectory_option, NULL),
V(CacheDirectoryGroupReadable, BOOL, "0"), V(CacheDirectoryGroupReadable, AUTOBOOL, "auto"),
V(CellStatistics, BOOL, "0"), V(CellStatistics, BOOL, "0"),
V(PaddingStatistics, BOOL, "1"), V(PaddingStatistics, BOOL, "1"),
V(LearnCircuitBuildTimeout, BOOL, "1"), V(LearnCircuitBuildTimeout, BOOL, "1"),
@ -1569,9 +1569,26 @@ options_act_reversible(const or_options_t *old_options, char **msg)
msg) < 0) { msg) < 0) {
goto done; goto done;
} }
/* We need to handle the group-readable flag for the cache directory
* specially, since the directory defaults to being the same as the
* DataDirectory. */
int cache_dir_group_readable;
if (options->CacheDirectoryGroupReadable != -1) {
/* If the user specified a value, use their setting */
cache_dir_group_readable = options->CacheDirectoryGroupReadable;
} else if (!strcmp(options->CacheDirectory, options->DataDirectory)) {
/* If the user left the value as "auto", and the cache is the same as the
* datadirectory, use the datadirectory setting.
*/
cache_dir_group_readable = options->DataDirectoryGroupReadable;
} else {
/* Otherwise, "auto" means "not group readable". */
cache_dir_group_readable = 0;
}
if (check_and_create_data_directory(running_tor /* create */, if (check_and_create_data_directory(running_tor /* create */,
options->CacheDirectory, options->CacheDirectory,
options->CacheDirectoryGroupReadable, cache_dir_group_readable,
options->User, options->User,
msg) < 0) { msg) < 0) {
goto done; goto done;