[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/master] Correct check_private_dir's dir mode

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor/master] Correct check_private_dir's dir mode
From: nickm@xxxxxxxxxxxxxx
Date: Wed, 5 Nov 2014 19:19:18 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 05 Nov 2014 14:19:35 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: David Stainton <dstainton415@xxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit 6b9016fe3c4dd814bee07e4439efcb6aca4efc43
Author: David Stainton <dstainton415@xxxxxxxxx>
Date:   Fri Aug 29 18:58:56 2014 +0000

    Correct check_private_dir's dir mode
    
    This commit attempts to satisfy nickm's comment on check_private_dir() permissions:
    https://trac.torproject.org/projects/tor/ticket/11291#comment:12
    """check_private_dir() ensures that the directory has bits 0700 if CPD_CHECK_MODE_ONLY is not set. Shouldn't it also ensure that the directory has bits 0050 if CPD_CHECK_MODE_ONLY is not set, and CPD_GROUP_READ is set?"""
---
 src/common/util.c |   22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/src/common/util.c b/src/common/util.c
index 0865fe7..0323264 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1888,7 +1888,6 @@ check_private_dir(const char *dirname, cpd_check_t check,
   struct stat st;
   char *f;
 #ifndef _WIN32
-  int mask;
   const struct passwd *pw = NULL;
   uid_t running_uid;
   gid_t running_gid;
@@ -1986,22 +1985,20 @@ check_private_dir(const char *dirname, cpd_check_t check,
     tor_free(process_groupname);
     return -1;
   }
-  if (check & (CPD_GROUP_OK|CPD_GROUP_READ)) {
-    mask = 0027;
-  } else {
-    mask = 0077;
-  }
-  if (st.st_mode & mask) {
-    unsigned new_mode;
-    if (check & CPD_CHECK_MODE_ONLY) {
+  if (check & CPD_CHECK_MODE_ONLY) {
+    if (st.st_mode & 0077) {
       log_warn(LD_FS, "Permissions on directory %s are too permissive.",
                dirname);
       return -1;
     }
+  } else {
     log_warn(LD_FS, "Fixing permissions on directory %s", dirname);
-    new_mode = st.st_mode;
-    new_mode |= 0700; /* Owner should have rwx */
-    new_mode &= ~mask; /* Clear the other bits that we didn't want set...*/
+    unsigned new_mode;
+    if (check & CPD_GROUP_READ) {
+      new_mode = 0750;
+    } else {
+      new_mode = 0700;
+    }
     if (chmod(dirname, new_mode)) {
       log_warn(LD_FS, "Could not chmod directory %s: %s", dirname,
           strerror(errno));
@@ -2010,6 +2007,7 @@ check_private_dir(const char *dirname, cpd_check_t check,
       return 0;
     }
   }
+
 #endif
   return 0;
 }



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [tor/master] Clean up patch
Next by Author: [tor-commits] [tor/master] fix two typos
Previous by thread: [tor-commits] [tor/master] Clean up patch
Next by thread: [tor-commits] [tor/master] fix two typos
Index(es):
- Author
- Thread