[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [arm/release] Cautioning users against running arm as root
commit e0248705018a57c55d7c99295a66857b617a06f1
Author: Damian Johnson <atagar@xxxxxxxxxxxxxx>
Date: Sat Sep 24 16:56:26 2011 -0700
Cautioning users against running arm as root
Notice level message at startup that cautions the user against running arm as
root.
---
src/starter.py | 15 +++++++++++++--
1 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/src/starter.py b/src/starter.py
index 6ed516e..b184330 100644
--- a/src/starter.py
+++ b/src/starter.py
@@ -101,6 +101,7 @@ PRIVATE_TORRC_ENTRIES = ["HashedControlPassword", "Bridge", "HiddenServiceDir"]
# notices given if the user is running arm or tor as root
TOR_ROOT_NOTICE = "Tor is currently running with root permissions. This is not a good idea and shouldn't be necessary. See the 'User UID' option from Tor's man page for an easy method of reducing its permissions after startup."
+ARM_ROOT_NOTICE = "Arm is currently running with root permissions. This is not a good idea, and will still work perfectly well if it's run with the same user as Tor (ie, starting with \"sudo -u %s arm\")."
def allowConnectionTypes():
"""
@@ -493,13 +494,23 @@ if __name__ == '__main__':
initTime = time.time() - startTime
controller = util.torTools.getConn()
+ torUser = None
if conn:
controller.init(conn)
# give a notice if tor is running with root
- if controller.getMyUser() == "root":
+ torUser = controller.getMyUser()
+ if torUser == "root":
util.log.log(util.log.NOTICE, TOR_ROOT_NOTICE)
-
+
+ # Give a notice if arm is running with root. Querying connections usually
+ # requires us to have the same permissions as tor so if tor is running as
+ # root then drop this notice (they're already then being warned about tor
+ # being root, anyway).
+
+ if torUser != "root" and os.getuid() == 0:
+ torUserLabel = torUser if torUser else "<tor user>"
+ util.log.log(util.log.NOTICE, ARM_ROOT_NOTICE % torUserLabel)
# fetches descriptions for tor's configuration options
_loadConfigurationDescriptions(pathPrefix)
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits