[or-cvs] r16450: {tor} Patch from Christopher Davis: open /dev/pf before dropping p (in tor/trunk: . src/or)
Author: nickm
Date: 2008-08-06 12:32:17 -0400 (Wed, 06 Aug 2008)
New Revision: 16450
Modified:
tor/trunk/
tor/trunk/ChangeLog
tor/trunk/src/or/config.c
tor/trunk/src/or/connection_edge.c
tor/trunk/src/or/or.h
Log:
r17664@tombo: nickm | 2008-08-06 12:32:09 -0400
Patch from Christopher Davis: open /dev/pf before dropping privileges. Fixes bug 782. Backport candidate.
Property changes on: tor/trunk
___________________________________________________________________
svk:merge ticket from /tor/trunk [r17664] on 49666b30-7950-49c5-bedf-9dc8f3168102
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2008-08-06 16:22:35 UTC (rev 16449)
+++ tor/trunk/ChangeLog 2008-08-06 16:32:17 UTC (rev 16450)
@@ -7,6 +7,10 @@
o Minor bugfixes:
- Recover 3-7 bytes that were wasted per memory chunk. Fixes bug
794; bug spotted by rovv. Bugfix on 0.2.0.1-alpha.
+ - When using the TransPort option on OpenBSD, and using the User
+ option to change UID and drop privileges, make sure to open
+ /dev/pf before dropping privileges. Fixes bug 782. Patch from
+ Christopher Davis. Bugfix on 0.1.2.1-alpha.
Changes in version 0.2.1.4-alpha - 2008-08-04
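Review bot: The new entry scopes the fix to "OpenBSD", but the code in this commit is gated on the presence of net/if.h and net/pfvar.h (HAVE_NET_IF_H and HAVE_NET_PFVAR_H), not on the operating system. Consider wording the entry around pf-based TransPort support so it matches the condition the code actually tests.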
Modified: tor/trunk/src/or/config.c
===================================================================
--- tor/trunk/src/or/config.c 2008-08-06 16:22:35 UTC (rev 16449)
+++ tor/trunk/src/or/config.c 2008-08-06 16:32:17 UTC (rev 16450)
@@ -1059,6 +1059,16 @@
}
}
+#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
+ /* Open /dev/pf before dropping privileges. */
+ if (options->TransPort) {
+ if (get_pf_socket() < 0) {
+ *msg = tor_strdup("Unable to open /dev/pf for transparent proxy.");
+ goto rollback;
+ }
+ }
+#endif
+
/* Setuid/setgid as appropriate */
if (options->User || options->Group) {
/* XXXX021 We should only do this the first time through, not on
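Review bot: The failure path at `*msg = tor_strdup("Unable to open /dev/pf for transparent proxy.");` discards the reason the open failed, so an operator cannot tell a permissions problem from a missing device. Include the errno text in the message, or note in a comment that get_pf_socket() has already logged it. The truncated XXXX021 comment in the trailing context suggests this code is reached on more than one pass; if so, turning on TransPort after the UID change will end up here with no cached descriptor, which deserves a mention in the message or in the comment above the check.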
Modified: tor/trunk/src/or/connection_edge.c
===================================================================
--- tor/trunk/src/or/connection_edge.c 2008-08-06 16:22:35 UTC (rev 16449)
+++ tor/trunk/src/or/connection_edge.c 2008-08-06 16:32:17 UTC (rev 16450)
@@ -1653,11 +1653,11 @@
#ifdef TRANS_PF
static int pf_socket = -1;
-static int
+int
get_pf_socket(void)
{
int pf;
- /* Ideally, this should be opened before dropping privs. */
+ /* This should be opened before dropping privs. */
if (pf_socket >= 0)
return pf_socket;
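Review bot: get_pf_socket() loses `static` here but gains no documentation of its contract for callers outside this file. Add a header comment stating that it returns the cached descriptor when `pf_socket >= 0`, what it returns on failure (config.c treats a value below 0 as failure), and that the first call must happen before privileges are dropped. The descriptor is cached in pf_socket and reused after the privilege drop by design; saying so in the comment keeps a later cleanup from closing it.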
Modified: tor/trunk/src/or/or.h
===================================================================
--- tor/trunk/src/or/or.h 2008-08-06 16:22:35 UTC (rev 16449)
+++ tor/trunk/src/or/or.h 2008-08-06 16:32:17 UTC (rev 16450)
@@ -2937,6 +2937,10 @@
} hostname_type_t;
hostname_type_t parse_extended_hostname(char *address);
+#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
+int get_pf_socket(void);
+#endif
+
/********************************* connection_or.c ***************************/
void connection_or_remove_from_identity_map(or_connection_t *conn);
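Review bot: The prototype is guarded by `defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)`, while the definition in connection_edge.c sits under `#ifdef TRANS_PF`, and the same header test is repeated around the call in config.c. If those conditions ever diverge, the config.c call would be compiled against a function that is not built. Guard the prototype and the call with TRANS_PF, provided that macro is visible at these points, so there is a single condition to maintain.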