
sandbox: allow reading of hidden service configuration files.

fixes part of 12064
Nick Mathewson 10 years ago
commit
cfd0ee514c
4 changed files with 37 additions and 5 deletions
  1. 5 0
      changes/bug12064_part2
  2. 6 5
      src/or/main.c
  3. 25 0
      src/or/rendservice.c
  4. 1 0
      src/or/rendservice.h

+ 5 - 0
changes/bug12064_part2

@@ -0,0 +1,5 @@
+  o Minor bugfixes (seccomp sandbox):
+    - Avoid warnings when running with sandboxing enabled at the same
+      time as cookie authentication, hidden services or directory
+      authority voting.  Fixes part of 12064; bugfix on 0.2.5.1-alpha.
+

+ 6 - 5
src/or/main.c

@@ -2829,13 +2829,14 @@ sandbox_init_filter(void)
   );
 
   {
-    smartlist_t *logfiles = smartlist_new();
-    tor_log_get_logfile_names(logfiles);
-    SMARTLIST_FOREACH(logfiles, char *, logfile_name, {
+    smartlist_t *files = smartlist_new();
+    tor_log_get_logfile_names(files);
+    rend_services_add_filenames_to_list(files);
+    SMARTLIST_FOREACH(files, char *, file_name, {
       /* steals reference */
-      sandbox_cfg_allow_open_filename(&cfg, logfile_name);
+      sandbox_cfg_allow_open_filename(&cfg, file_name);
     });
-    smartlist_free(logfiles);
+    smartlist_free(files);
   }
 
   {
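Review bot: The allowlist built in this block of sandbox_init_filter() only covers hidden services that are already configured when it runs, and nothing in the hunk records that dependency. rend_services_add_filenames_to_list() returns without adding anything when rend_service_list is NULL, so running this before the services are configured would silently leave their files out of the filter. Services added by a later configuration reload would presumably be denied as well, since the list is built once. I would add a comment above the call, e.g. `/* Hidden services must already be configured here; files of services added later are not covered by the filter. */`. sandbox_init_filter() starts and continues outside the hunk, so the actual call order cannot be confirmed from here.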

+ 25 - 0
src/or/rendservice.c

@@ -656,6 +656,31 @@ rend_service_load_all_keys(void)
   return 0;
 }
 
+/** Add to <b>lst</b> every filename used by <b>s</b>. */
+static void
+rend_service_add_filenames_to_list(smartlist_t *lst, const rend_service_t *s)
+{
+  tor_assert(lst);
+  tor_assert(s);
+  smartlist_add_asprintf(lst, "%s"PATH_SEPARATOR"private_key",
+                         s->directory);
+  smartlist_add_asprintf(lst, "%s"PATH_SEPARATOR"hostname",
+                         s->directory);
+  smartlist_add_asprintf(lst, "%s"PATH_SEPARATOR"client_keys",
+                         s->directory);
+}
+
+/** Add to <b>lst</b> every filename used by a configured hidden service */
+void
+rend_services_add_filenames_to_list(smartlist_t *lst)
+{
+  if (!rend_service_list)
+    return;
+  SMARTLIST_FOREACH_BEGIN(rend_service_list, rend_service_t *, s) {
+    rend_service_add_filenames_to_list(lst, s);
+  } SMARTLIST_FOREACH_END(s);
+}
+
 /** Load and/or generate private keys for the hidden service <b>s</b>,
  * possibly including keys for client authorization.  Return 0 on success, -1
  * on failure. */
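Review bot: `client_keys` is added to the list for every service in rend_service_add_filenames_to_list(), whether or not that service uses client authorization, so the sandbox ends up permitting opens the process may never need. If rend_service_t records whether client authorization is enabled, gate the third smartlist_add_asprintf() call on it to keep the allowlist minimal. The doc comments should also state ownership, because the caller in main.c hands each entry to a function marked as stealing the reference: `/** Add to <b>lst</b> a newly allocated copy of every filename used by a configured hidden service; the caller owns the strings. */`. The three file names are string literals here and are presumably repeated where the files are loaded, so shared constants would keep the filter and the loader from drifting apart.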

+ 1 - 0
src/or/rendservice.h

@@ -71,6 +71,7 @@ struct rend_intro_cell_s {
 int num_rend_services(void);
 int rend_config_services(const or_options_t *options, int validate_only);
 int rend_service_load_all_keys(void);
+void rend_services_add_filenames_to_list(smartlist_t *lst);
 void rend_services_introduce(void);
 void rend_consider_services_upload(time_t now);
 void rend_hsdir_routers_changed(void);