Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Permit filesystem group to be root

Jamie Nguyen 8 years ago
parent
d68b7fd442
commit
08c7ceb5df
2 changed files with 7 additions and 1 deletions
Split View Show Diff Stats
  1. 6 0
      changes/bug17562-allow-root-group-read
  2. 1 1
      src/common/util.c

+ 6 - 0
changes/bug17562-allow-root-group-read
View File 

@@ -0,0 +1,6 @@
 
+  o Minor bug fixes:
 
+    - If any directory created by Tor is marked as group readable, the
 
+      filesystem group is allowed to be either the default GID or the root
 
+      user. Allowing root to read the DataDirectory prevents the need for
 
+      CAP_READ_SEARCH when using systemd's CapabilityBoundingSet, or
 
+      dac_read_search when using SELinux.

+ 1 - 1
src/common/util.c
View File 

@@ -2143,7 +2143,7 @@ check_private_dir(const char *dirname, cpd_check_t check,
 
     return -1;
 
   }
 
   if ( (check & (CPD_GROUP_OK|CPD_GROUP_READ))
 
-       && (st.st_gid != running_gid) ) {
 
+       && (st.st_gid != running_gid) && (st.st_gid != 0)) {
 
     struct group *gr;
 
     char *process_groupname = NULL;
 
     gr = getgrgid(running_gid);