Nick Mathewson
465982012c
sandbox: Disallow options which would make us call exec()
...
None of the things we might exec() can possibly run under the
sanbox, so rather than crash later, we have to refuse to accept the
configuration nice and early.
The longer-term solution is to have an exec() helper, but wow is
that risky.
fixes 12043; bugfix on 0.2.5.1-alpha
2014-05-20 12:21:31 -04:00
Nick Mathewson
f87071f49e
sandbox: Permit access to stats/dirreq-stats
...
This prevents a crash when rotating logs with dirreq-stats enabled
fixes 12035; bugfix on 0.2.5.1-alpha.
2014-05-20 12:06:08 -04:00
Nick Mathewson
0b2b5b7606
Oops; permit rename with the correct filename
2014-05-20 12:03:27 -04:00
Nick Mathewson
ace9063fb4
Fix a sentence that I never
2014-05-20 11:58:18 -04:00
Nick Mathewson
f6d3006363
Sandbox: allow access to stats/bridge-stats
...
Fix for 12041; bugfix on 0.2.5.1-alpha.
2014-05-20 11:57:29 -04:00
Roger Dingledine
767b18ea8e
note a comment that nickm didn't finish
2014-05-17 00:02:41 -04:00
Andrea Shepard
b3edd04065
Add changes file for bug11476
2014-05-16 08:56:42 -07:00
Andrea Shepard
f7a55bc4b4
Turn --enable-mempools off by default
2014-05-16 08:51:51 -07:00
Nick Mathewson
ef9c00f539
Merge remote-tracking branch 'origin/maint-0.2.4'
...
This is an "ours" merge, to avoid taking the commit that bumped
maint-0.2.4's version to 0.2.4.22-dev.
2014-05-16 09:17:34 -04:00
Nick Mathewson
8d9602c21c
Bump maint-0.2.4 version to 0.2.4.22-dev
...
(See discussion on #9553 )
2014-05-16 09:16:54 -04:00
Nick Mathewson
34552740b1
Document that we're incrementing version numbers in maint.
...
(ticket 9553)
2014-05-16 09:14:38 -04:00
Nick Mathewson
0f4e661e7a
Forward-port 0.2.4.22 changelog
2014-05-16 09:06:48 -04:00
Nick Mathewson
2d21a8f4d6
Merge remote-tracking branch 'public/bug11469_024'
2014-05-15 13:35:08 -04:00
Nick Mathewson
081ff5fa83
whitespace fix, more
2014-05-14 22:55:02 -04:00
Nick Mathewson
a6eea86a2c
Merge branch 'bug11946'
2014-05-14 22:51:51 -04:00
Nick Mathewson
a88923e455
whitespace fix
2014-05-14 22:50:25 -04:00
Nick Mathewson
f694a443fc
Improved comments on bug11946 fix
2014-05-14 22:49:38 -04:00
Nick Mathewson
1badef5cec
Use DirPort for uploading descriptors.
...
When we converted the horrible set of options that previously
controlled "use ORPort or DirPort? Anonymously or Non-anonymouly?" to
a single 'indirection' argument, we missed
directory_post_to_dirservers.
The problematic code was introduced in 5cbeb6080
, which went into
0.2.4.3-alpha. This is a fix for bug 11469.
2014-05-14 21:49:57 -04:00
Nick Mathewson
9b4ac986cb
Use tor_getpw{nam,uid} wrappers to fix bug 11946
...
When running with User set, we frequently try to look up our
information in the user database (e.g., /etc/passwd). The seccomp2
sandbox setup doesn't let us open /etc/passwd, and probably
shouldn't.
To fix this, we have a pair of wrappers for getpwnam and getpwuid.
When a real call to getpwnam or getpwuid fails, they fall back to a
cached value, if the uid/gid matches.
(Granting access to /etc/passwd isn't possible with the way we
handle opening files through the sandbox. It's not desirable either.)
2014-05-14 13:53:14 -04:00
Nick Mathewson
e12af2adb0
Add a pair of wrapper functions: tor_getpwnam() and tor_getpwuid()
...
We'll use these to deal with being unable to access the user DB
after we install the sandbox, to fix bug 11946.
2014-05-14 13:50:43 -04:00
Nick Mathewson
747f368c6d
make the changelog text wrapper respect arma's no-initial-openparen rule
2014-05-14 12:56:09 -04:00
Andrea Shepard
39d4e67be8
Add --disable-mempools configure option
2014-05-12 18:23:34 -07:00
Andrea Shepard
17435384c0
Turn --enable-buf-freelists off by default
2014-05-12 17:28:26 -07:00
Nick Mathewson
585582fc8c
Merge branch 'bug9781_v2'
2014-05-12 13:35:22 -04:00
Nick Mathewson
b5e142cb1b
Log an error reply from tor-fw-helper correctly.
...
Fix for bug 9781; bugfix on cd05f35d2c
in 0.2.4.2-alpha.
2014-05-12 13:35:01 -04:00
Nick Mathewson
75e850efe6
changes file for gisle vanem's MSVC fix
2014-05-12 11:49:17 -04:00
Gisle Vanem
c7ab8587c9
Fix compilation of test_status.c with MSVC
2014-05-12 00:34:23 -04:00
Nick Mathewson
6267d4f97a
fix whitespace
2014-05-11 23:40:48 -04:00
dana koch
d6e6c63baf
Quench clang's complaints with -Wshorten-64-to-32 when time_t is not long.
...
On OpenBSD 5.4, time_t is a 32-bit integer. These instances contain
implicit treatment of long and time_t as comparable types, so explicitly
cast to time_t.
2014-05-11 23:36:00 -04:00
Nick Mathewson
de2010e9c2
One more 64->32
2014-05-08 14:10:30 -04:00
Nick Mathewson
28538069b2
Fix numerous 64->32 errors in the unit tests
...
Before the 11825 fix, these were all silently ignored.
2014-05-08 14:01:17 -04:00
Nick Mathewson
df68478938
Fix unearthed problems in unit tests
2014-05-08 13:16:08 -04:00
Nick Mathewson
5bb6172367
Fix numerous type errors in the unit tests
...
Remove tinytest casts that were suppressing them.
Fix for #11825 .
2014-05-08 13:08:13 -04:00
Nick Mathewson
1f11be2170
Fix test_util_max_mem on 32-bit CPUs
2014-05-08 12:48:41 -04:00
Nick Mathewson
891d239e01
More unit tests for #11648-related stuff
...
These are actually tests for #311 . It appears to me that we didn't
fix #311 properly when we thought we did in 475eb5d6; instead, the
real fix was 05eff35ac6
, a few minutes earlier.
2014-05-08 12:41:01 -04:00
Nick Mathewson
4eb3018f94
Move structures into (private) part of buffers.h so we can inspect them while testing
2014-05-08 12:40:40 -04:00
Nick Mathewson
5b861ae53f
Merge remote-tracking branch 'public/bug11648'
2014-05-08 12:01:23 -04:00
Nick Mathewson
c86b709a07
changes file for 11648
2014-05-08 12:01:12 -04:00
Nick Mathewson
a32d7e1910
Return success when get_total_system_memory() succeeds.
...
Fixes bug 11805; bugfix on 0.2.5.4-alpha.
2014-05-08 00:32:22 -04:00
Nick Mathewson
defe541a30
Merge remote-tracking branch 'origin/maint-0.2.4'
2014-05-07 23:12:51 -04:00
Nick Mathewson
411c622906
Merge commit 'bb9b4c37f8e7f5cf78918f382e90d8b11ff42551' into maint-0.2.4
2014-05-07 23:11:32 -04:00
Nick Mathewson
2d83770237
Merge remote-tracking branch 'origin/maint-0.2.4'
2014-05-07 23:07:03 -04:00
Nick Mathewson
0ad8133a7e
Merge remote-tracking branch 'public/ticket11528_024' into maint-0.2.4
2014-05-07 23:04:59 -04:00
Nick Mathewson
882893c8c3
Merge remote-tracking branch 'public/bug11513_024' into maint-0.2.4
2014-05-07 23:04:48 -04:00
Nick Mathewson
894c8b2266
Merge remote-tracking branch 'public/update_ciphers_ff28' into maint-0.2.4
2014-05-07 23:04:22 -04:00
Nick Mathewson
683b80bf81
Merge remote-tracking branch 'public/bug11737_diagnostic'
2014-05-07 22:52:44 -04:00
Nick Mathewson
c948bdaa28
Improve bug11743 message a bit.
2014-05-07 22:23:19 -04:00
Nick Mathewson
0de2625675
Merge remote-tracking branch 'public/bug8387_diagnostic'
2014-05-07 22:15:24 -04:00
Nick Mathewson
48b9c6fcc6
Better log message for 8387 diagnostic
2014-05-07 22:13:29 -04:00
Nick Mathewson
6d39c8d156
Always finalize a zlib stream of server descriptors.
...
Possible fix for bug 11648.
2014-05-07 10:23:08 -04:00