[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/master] Move the friendly warning about TPROXY and root to EPERM time

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor/master] Move the friendly warning about TPROXY and root to EPERM time
From: nickm@xxxxxxxxxxxxxx
Date: Sun, 2 Feb 2014 20:48:33 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 02 Feb 2014 15:49:18 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit fd8947afc2815cc3316513fe4461d8d8096eddea
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Sun Feb 2 15:45:00 2014 -0500

    Move the friendly warning about TPROXY and root to EPERM time
    
    I'm doing this because:
       * User doesn't mean you're running as root, and running as root
         doesn't mean you've set User.
       * It's possible that the user has done some other
         capability-based hack to retain the necessary privileges.
---
 src/or/config.c     |    7 -------
 src/or/connection.c |    8 ++++++--
 2 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/src/or/config.c b/src/or/config.c
index a2366c0..c921bb7 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -2540,13 +2540,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
       REJECT("Cannot use TransTPROXY without any valid TransPort or "
              "TransListenAddress.");
     }
-    /* Friendly suggestion about running as root initially. */
-    if (!options->User) {
-      log_warn(LD_CONFIG,
-               "You have enabled TransTPROXY but have not specified the "
-               "\"User\" option. TransTPROXY will not function without "
-               "root privileges.");
-    }
   }
 #else
   if (options->TransPort_set || options->TransTPROXY)
diff --git a/src/or/connection.c b/src/or/connection.c
index 7d8feeb..6dbba66 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1039,9 +1039,13 @@ connection_listener_new(const struct sockaddr *listensockaddr,
     if (options->TransTPROXY && type == CONN_TYPE_AP_TRANS_LISTENER) {
       int one = 1;
       if (setsockopt(s, SOL_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0) {
+        const char *extra = "";
         int e = tor_socket_errno(s);
-        log_warn(LD_NET, "Error setting IP_TRANSPARENT flag: %s",
-                 tor_socket_strerror(e));
+        if (e == EPERM)
+          extra = "TransTPROXY requires root privileges or similar"
+            " capabilities.";
+        log_warn(LD_NET, "Error setting IP_TRANSPARENT flag: %s.%s",
+                 tor_socket_strerror(e), extra);
       }
     }
 #endif



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [tor/master] Add a sandbox rule to allow IP_TRANSPARENT
Next by Author: [tor-commits] [tor/master] changelog for 10793
Previous by thread: [tor-commits] [tor/master] Add a sandbox rule to allow IP_TRANSPARENT
Next by thread: [tor-commits] [translation/tsum] Update translations for tsum
Index(es):
- Author
- Thread