[or-cvs] r17204: {tor} now that we drop privs more thoroughly, switch_id() is no lo (in tor/trunk/src: common or)
Author: arma
Date: 2008-11-06 23:34:47 -0500 (Thu, 06 Nov 2008)
New Revision: 17204
Modified:
tor/trunk/src/common/compat.c
tor/trunk/src/or/config.c
Log:
now that we drop privs more thoroughly, switch_id() is no longer
idempotent. so now we remember if we've succeeded, and if so we
don't even try.
Modified: tor/trunk/src/common/compat.c
===================================================================
--- tor/trunk/src/common/compat.c 2008-11-07 04:11:03 UTC (rev 17203)
+++ tor/trunk/src/common/compat.c 2008-11-07 04:34:47 UTC (rev 17204)
@@ -1026,9 +1026,13 @@
struct passwd *pw = NULL;
uid_t old_uid;
gid_t old_gid;
+ static int have_already_switched_id = 0;
tor_assert(user);
+ if (have_already_switched_id)
+ return 0;
+
/* Log the initial credential state */
if (log_credential_status())
return -1;
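Review bot: The early return on have_already_switched_id ignores the user argument, so a later call naming a different user reports success without checking it against the account the process actually switched to. The caller in config.c notes that the value cannot be changed, but switch_id() itself should not depend on that: either remember the user name from the first successful call and warn or return -1 on a mismatch, or state in the function's doc comment that all calls after the first success are no-ops regardless of the argument. The early return also sits before log_credential_status(), so repeat calls no longer log anything; a debug-level message there would make a skipped switch visible in the logs.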
@@ -1117,6 +1121,7 @@
return -1;
}
+ have_already_switched_id = 1; /* mark success so we never try again */
return 0;
#else
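Review bot: have_already_switched_id is set only on the final success path, so every failure return above it, such as the return -1 visible at the top of this hunk, leaves the flag at 0 and a later setconf will run the whole sequence again. Since the log message says switch_id() is no longer idempotent, a retry after a failure that happened partway through deserves an explicit decision: either record the failed attempt as well and refuse to retry, or add a comment explaining why rerunning from a failed state is safe.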
Modified: tor/trunk/src/or/config.c
===================================================================
--- tor/trunk/src/or/config.c 2008-11-07 04:11:03 UTC (rev 17203)
+++ tor/trunk/src/or/config.c 2008-11-07 04:34:47 UTC (rev 17204)
@@ -1084,8 +1084,6 @@
/* Setuid/setgid as appropriate */
if (options->User) {
- /* XXXX021 We should only do this the first time through, not on
- * every setconf. */
if (switch_id(options->User) != 0) {
/* No need to roll back, since you can't change the value. */
*msg = tor_strdup("Problem with User value. See logs for details.");
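Review bot: Dropping the XXXX021 comment above the switch_id(options->User) call leaves nothing at this call site to say why calling it on every setconf is now acceptable. A one-line replacement comment, for example that switch_id() does nothing once it has succeeded, would keep a future reader from reintroducing a first-time-only guard here or from assuming the privileges are dropped again on each pass.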