[tor-commits] [tor/master] Don't chmod/chown unix sockets if their permissions are already ok
nickm at torproject.org
nickm at torproject.org
Tue Mar 22 14:10:39 UTC 2016
commit 0cdeac77e0332c37dd4cc7867e34214961db9009
Author: Nick Mathewson <nickm at torproject.org>
Date: Mon Mar 14 13:40:44 2016 -0400
Don't chmod/chown unix sockets if their permissions are already ok
This is a part of a fix for 18253; bugfix on 0.2.8.1-alpha.
Alternatively, we could permit chmod/chown in the sandbox, but I
really don't like giving the sandbox permission to alter
permissions.
---
src/or/connection.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/or/connection.c b/src/or/connection.c
index 2e1c508..2c135ca 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1283,10 +1283,14 @@ connection_listener_new(const struct sockaddr *listensockaddr,
#ifdef HAVE_PWD_H
if (options->User) {
pw = tor_getpwnam(options->User);
+ struct stat st;
if (pw == NULL) {
log_warn(LD_NET,"Unable to chown() %s socket: user %s not found.",
address, options->User);
goto err;
+ } else if (fstat(s, &st) == 0 &&
+ st.st_uid == pw->pw_uid && st.st_gid == pw->pw_gid) {
+ /* No change needed */
} else if (chown(address, pw->pw_uid, pw->pw_gid) < 0) {
log_warn(LD_NET,"Unable to chown() %s socket: %s.",
address, strerror(errno));
@@ -1298,6 +1302,7 @@ connection_listener_new(const struct sockaddr *listensockaddr,
{
unsigned mode;
const char *status;
+ struct stat st;
if (port_cfg->is_world_writable) {
mode = 0666;
status = "world-writable";
@@ -1310,7 +1315,9 @@ connection_listener_new(const struct sockaddr *listensockaddr,
}
/* We need to use chmod; fchmod doesn't work on sockets on all
* platforms. */
- if (chmod(address, mode) < 0) {
+ if (fstat(s, &st) == 0 && (st.st_mode & 0777) == mode) {
+ /* no change needed */
+ } else if (chmod(address, mode) < 0) {
log_warn(LD_FS,"Unable to make %s %s.", address, status);
goto err;
}
More information about the tor-commits
mailing list