Merge branch 'maint-0.4.5' into maint-0.4.6
commit
debede5e50
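--- a/changes/bug40317
+++ b/changes/bug40317
@@ -0,0 +1,5 @@
+o Minor bugfixes (control, sandbox):
+- Allows the control command SAVECONF to succeed when the seccomp
+sandbox is enabled. Makes SAVECONF keep only one backup file to
+simplify implementation. Fixes bug 40317; bugfix on 0.2.5.4-alpha.
+Patch by Daniel Pinto.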
@ -6856,7 +6856,7 @@ validate_data_directories(or_options_t *options)
|
|||||||
/** This string can change; it tries to give the reader an idea
|
/** This string can change; it tries to give the reader an idea
|
||||||
* that editing this file by hand is not a good plan. */
|
* that editing this file by hand is not a good plan. */
|
||||||
#define GENERATED_FILE_COMMENT "# The old torrc file was renamed " \
|
#define GENERATED_FILE_COMMENT "# The old torrc file was renamed " \
|
||||||
"to torrc.orig.1 or similar, and Tor will ignore it"
|
"to torrc.orig.1, and Tor will ignore it"
|
||||||
|
|
||||||
/** Save a configuration file for the configuration in <b>options</b>
|
/** Save a configuration file for the configuration in <b>options</b>
|
||||||
* into the file <b>fname</b>. If the file already exists, and
|
* into the file <b>fname</b>. If the file already exists, and
|
||||||
@ -6900,17 +6900,18 @@ write_configuration_file(const char *fname, const or_options_t *options)
|
|||||||
GENERATED_FILE_PREFIX, GENERATED_FILE_COMMENT, new_conf);
|
GENERATED_FILE_PREFIX, GENERATED_FILE_COMMENT, new_conf);
|
||||||
|
|
||||||
if (rename_old) {
|
if (rename_old) {
|
||||||
int i = 1;
|
|
||||||
char *fn_tmp = NULL;
|
char *fn_tmp = NULL;
|
||||||
while (1) {
|
tor_asprintf(&fn_tmp, CONFIG_BACKUP_PATTERN, fname);
|
||||||
tor_asprintf(&fn_tmp, "%s.orig.%d", fname, i);
|
file_status_t fn_tmp_status = file_status(fn_tmp);
|
||||||
if (file_status(fn_tmp) == FN_NOENT)
|
if (fn_tmp_status == FN_DIR || fn_tmp_status == FN_ERROR) {
|
||||||
break;
|
log_warn(LD_CONFIG,
|
||||||
|
"Config backup file \"%s\" is not a file? Failing.", fn_tmp);
|
||||||
tor_free(fn_tmp);
|
tor_free(fn_tmp);
|
||||||
++i;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
log_notice(LD_CONFIG, "Renaming old configuration file to \"%s\"", fn_tmp);
|
log_notice(LD_CONFIG, "Renaming old configuration file to \"%s\"", fn_tmp);
|
||||||
if (tor_rename(fname, fn_tmp) < 0) {//XXXX sandbox doesn't allow
|
if (replace_file(fname, fn_tmp) < 0) {
|
||||||
log_warn(LD_FS,
|
log_warn(LD_FS,
|
||||||
"Couldn't rename configuration file \"%s\" to \"%s\": %s",
|
"Couldn't rename configuration file \"%s\" to \"%s\": %s",
|
||||||
fname, fn_tmp, strerror(errno));
|
fname, fn_tmp, strerror(errno));
|
||||||
|
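Review bot: When `file_status(fn_tmp)` returns anything other than `FN_NOENT` and passes the new directory/error check, `replace_file(fname, fn_tmp)` silently discards the previous backup; the only log line is the unchanged "Renaming old configuration file" notice. SAVECONF is a control command, so two saves in a row leave no copy of the original torrc, and the overwrite deserves its own record. After the check, add `if (fn_tmp_status != FN_NOENT) log_notice(LD_CONFIG, "Replacing existing configuration backup \"%s\"", fn_tmp);`. The warning text "is not a file? Failing." is also emitted for `FN_ERROR`, where the cause may be a permission or sandbox denial rather than a wrong file type. write_configuration_file() starts before and continues after this hunk.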
@ -44,6 +44,9 @@ int get_protocol_warning_severity_level(void);
|
|||||||
|
|
||||||
#define LOG_PROTOCOL_WARN (get_protocol_warning_severity_level())
|
#define LOG_PROTOCOL_WARN (get_protocol_warning_severity_level())
|
||||||
|
|
||||||
|
/** Pattern for backing up configuration files */
|
||||||
|
#define CONFIG_BACKUP_PATTERN "%s.orig.1"
|
||||||
|
|
||||||
/** An error from options_trial_assign() or options_init_from_string(). */
|
/** An error from options_trial_assign() or options_init_from_string(). */
|
||||||
typedef enum setopt_err_t {
|
typedef enum setopt_err_t {
|
||||||
SETOPT_OK = 0,
|
SETOPT_OK = 0,
|
||||||
|
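Review bot: The doc comment on `CONFIG_BACKUP_PATTERN` does not say that the macro is a printf-style format taking exactly one `%s` (the torrc path), nor that the seccomp allowlist is built from it. Both write_configuration_file() and sandbox_init_filter() in this commit expand it with `tor_asprintf()`, so a later edit that adds a second conversion or a counter would make the backup name diverge from the allowed rename target. I would extend the comment to `/** printf pattern for the torrc backup name; takes the torrc path as its only argument. The sandbox rename/stat rules are built from the same pattern. */`.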
@ -852,7 +852,6 @@ sandbox_init_filter(void)
|
|||||||
{
|
{
|
||||||
const or_options_t *options = get_options();
|
const or_options_t *options = get_options();
|
||||||
sandbox_cfg_t *cfg = sandbox_cfg_new();
|
sandbox_cfg_t *cfg = sandbox_cfg_new();
|
||||||
int i;
|
|
||||||
|
|
||||||
sandbox_cfg_allow_openat_filename(&cfg,
|
sandbox_cfg_allow_openat_filename(&cfg,
|
||||||
get_cachedir_fname("cached-status"));
|
get_cachedir_fname("cached-status"));
|
||||||
@ -938,10 +937,23 @@ sandbox_init_filter(void)
|
|||||||
else
|
else
|
||||||
sandbox_cfg_allow_open_filename(&cfg, tor_strdup("/etc/resolv.conf"));
|
sandbox_cfg_allow_open_filename(&cfg, tor_strdup("/etc/resolv.conf"));
|
||||||
|
|
||||||
for (i = 0; i < 2; ++i) {
|
const char *torrc_defaults_fname = get_torrc_fname(1);
|
||||||
if (get_torrc_fname(i)) {
|
if (torrc_defaults_fname) {
|
||||||
sandbox_cfg_allow_open_filename(&cfg, tor_strdup(get_torrc_fname(i)));
|
sandbox_cfg_allow_open_filename(&cfg, tor_strdup(torrc_defaults_fname));
|
||||||
}
|
}
|
||||||
|
const char *torrc_fname = get_torrc_fname(0);
|
||||||
|
if (torrc_fname) {
|
||||||
|
sandbox_cfg_allow_open_filename(&cfg, tor_strdup(torrc_fname));
|
||||||
|
// allow torrc backup and torrc.tmp to make SAVECONF work
|
||||||
|
char *torrc_bck = NULL;
|
||||||
|
tor_asprintf(&torrc_bck, CONFIG_BACKUP_PATTERN, torrc_fname);
|
||||||
|
sandbox_cfg_allow_rename(&cfg, tor_strdup(torrc_fname), torrc_bck);
|
||||||
|
char *torrc_tmp = NULL;
|
||||||
|
tor_asprintf(&torrc_tmp, "%s.tmp", torrc_fname);
|
||||||
|
sandbox_cfg_allow_rename(&cfg, torrc_tmp, tor_strdup(torrc_fname));
|
||||||
|
sandbox_cfg_allow_open_filename(&cfg, tor_strdup(torrc_tmp));
|
||||||
|
// we need to stat the existing backup file
|
||||||
|
sandbox_cfg_allow_stat_filename(&cfg, tor_strdup(torrc_bck));
|
||||||
}
|
}
|
||||||
|
|
||||||
SMARTLIST_FOREACH(options->FilesOpenedByIncludes, char *, f, {
|
SMARTLIST_FOREACH(options->FilesOpenedByIncludes, char *, f, {
|
||||||
|
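Review bot: `torrc_bck` and `torrc_tmp` are still read (`tor_strdup(torrc_tmp)`, `tor_strdup(torrc_bck)`) after being passed to `sandbox_cfg_allow_rename()`. That function appears to take ownership of its string arguments, judging by the fresh `tor_strdup()` copies given to every other argument here. The later reads are safe only as long as the cfg list never frees or replaces a stored string before this block finishes. Making the copies first removes that dependency: call `sandbox_cfg_allow_stat_filename(&cfg, tor_strdup(torrc_bck));` before the first rename rule and `sandbox_cfg_allow_open_filename(&cfg, tor_strdup(torrc_tmp));` before the second. The return values of the new `tor_asprintf()` and `sandbox_cfg_allow_*()` calls are not checked either, although that may match the rest of sandbox_init_filter(), whose body starts and ends outside these hunks.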