[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #3393 [Tor Client]: ControlSocketsGroupWritable option is not compatible with User
#3393: ControlSocketsGroupWritable option is not compatible with User
------------------------+---------------------------------------------------
Reporter: lunar | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Client | Version: Tor: 0.2.2.26-beta
Keywords: | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
`check_private_dir()` to ensure that `ControlSocketsGroupWritable` is safe
to use. Unfortunately, `check_private_dir()` only checks against the
currently running userâ which can be root until privileges are dropped to
the user and group configured by the `User` config option.
The attached patch fixes the issue by adding a new `effective_user`
argument to `check_private_dir()` and updating the callers. It might not
be the best way to fix the issue, but it did in my tests.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3393>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs