[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r16726: {tor} Backport r16450 to 0.2.0.x: open /dev/pf before dropping pri (in tor/branches/tor-0_2_0-patches: . doc src/or)
Author: nickm
Date: 2008-09-01 18:05:32 -0400 (Mon, 01 Sep 2008)
New Revision: 16726
Modified:
tor/branches/tor-0_2_0-patches/ChangeLog
tor/branches/tor-0_2_0-patches/doc/TODO.020
tor/branches/tor-0_2_0-patches/src/or/config.c
tor/branches/tor-0_2_0-patches/src/or/connection_edge.c
tor/branches/tor-0_2_0-patches/src/or/or.h
Log:
Backport r16450 to 0.2.0.x: open /dev/pf before dropping privileges.
Modified: tor/branches/tor-0_2_0-patches/ChangeLog
===================================================================
--- tor/branches/tor-0_2_0-patches/ChangeLog 2008-09-01 22:00:07 UTC (rev 16725)
+++ tor/branches/tor-0_2_0-patches/ChangeLog 2008-09-01 22:05:32 UTC (rev 16726)
@@ -22,6 +22,10 @@
trying session resumption at this point, but apparently some
did, in ways that caused the handshake to fail. Bugfix on
0.2.0.20-rc. Bug found by Geoff Goodell.
+ - When using the TransPort option on OpenBSD, and using the User
+ option to change UID and drop privileges, make sure to open
+ /dev/pf before dropping privileges. Fixes bug 782. Patch from
+ Christopher Davis. Bugfix on 0.1.2.1-alpha.
Changes in version 0.2.0.30 - 2008-07-15
Modified: tor/branches/tor-0_2_0-patches/doc/TODO.020
===================================================================
--- tor/branches/tor-0_2_0-patches/doc/TODO.020 2008-09-01 22:00:07 UTC (rev 16725)
+++ tor/branches/tor-0_2_0-patches/doc/TODO.020 2008-09-01 22:05:32 UTC (rev 16726)
@@ -11,7 +11,7 @@
o r15821: fix bug related to TLS session negotiation.
o r16136: prevent circid collision. [Also backport to 0.1.2.x??]
- r16143: generate stream close events from connection_edge_destroy().
- - r16450: open /dev/pf before dropping privileges.
+ o r16450: open /dev/pf before dropping privileges.
- r16605: relays reject risky extend cells.
- r16698: don't use a new entry guard that's also your exit.
Modified: tor/branches/tor-0_2_0-patches/src/or/config.c
===================================================================
--- tor/branches/tor-0_2_0-patches/src/or/config.c 2008-09-01 22:00:07 UTC (rev 16725)
+++ tor/branches/tor-0_2_0-patches/src/or/config.c 2008-09-01 22:05:32 UTC (rev 16726)
@@ -1022,6 +1022,16 @@
}
}
+#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
+ /* Open /dev/pf before dropping privileges. */
+ if (options->TransPort) {
+ if (get_pf_socket() < 0) {
+ *msg = tor_strdup("Unable to open /dev/pf for transparent proxy.");
+ goto rollback;
+ }
+ }
+#endif
+
/* Setuid/setgid as appropriate */
if (options->User || options->Group) {
/* XXXX021 We should only do this the first time through, not on
Modified: tor/branches/tor-0_2_0-patches/src/or/connection_edge.c
===================================================================
--- tor/branches/tor-0_2_0-patches/src/or/connection_edge.c 2008-09-01 22:00:07 UTC (rev 16725)
+++ tor/branches/tor-0_2_0-patches/src/or/connection_edge.c 2008-09-01 22:05:32 UTC (rev 16726)
@@ -1636,11 +1636,11 @@
#ifdef TRANS_PF
static int pf_socket = -1;
-static int
+int
get_pf_socket(void)
{
int pf;
- /* Ideally, this should be opened before dropping privs. */
+ /* This should be opened before dropping privs. */
if (pf_socket >= 0)
return pf_socket;
Modified: tor/branches/tor-0_2_0-patches/src/or/or.h
===================================================================
--- tor/branches/tor-0_2_0-patches/src/or/or.h 2008-09-01 22:00:07 UTC (rev 16725)
+++ tor/branches/tor-0_2_0-patches/src/or/or.h 2008-09-01 22:05:32 UTC (rev 16726)
@@ -2856,6 +2856,10 @@
} hostname_type_t;
hostname_type_t parse_extended_hostname(char *address);
+#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
+int get_pf_socket(void);
+#endif
+
/********************************* connection_or.c ***************************/
void connection_or_remove_from_identity_map(or_connection_t *conn);