Home Explore Help
Sign In
sengler
/
tor-parallel-relay-conn
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

now that we drop privs more thoroughly, switch_id() is no longer
idempotent. so now we remember if we've succeeded, and if so we
don't even try.


svn:r17204

Roger Dingledine 17 years ago
parent
7c65792500
commit
14773f42a7
2 changed files with 5 additions and 2 deletions
Split View Show Diff Stats
  1. 5 0
      src/common/compat.c
  2. 0 2
      src/or/config.c

+ 5 - 0
src/common/compat.c
View File 

@@ -1026,9 +1026,13 @@ switch_id(const char *user)
 
   struct passwd *pw = NULL;
 
   uid_t old_uid;
 
   gid_t old_gid;
 
+  static int have_already_switched_id = 0;
 
 
   tor_assert(user);
 
 
+  if (have_already_switched_id)
 
+    return 0;
 
+
 
   /* Log the initial credential state */
 
   if (log_credential_status())
 
     return -1;
 
@@ -1117,6 +1121,7 @@ switch_id(const char *user)
 
     return -1;
 
   }
 
 
+  have_already_switched_id = 1; /* mark success so we never try again */
 
   return 0;
 
 
 #else

+ 0 - 2
src/or/config.c
View File 

@@ -1084,8 +1084,6 @@ options_act_reversible(or_options_t *old_options, char **msg)
 
 
   /* Setuid/setgid as appropriate */
 
   if (options->User) {
 
-    /* XXXX021 We should only do this the first time through, not on
 
-     * every setconf. */
 
     if (switch_id(options->User) != 0) {
 
       /* No need to roll back, since you can't change the value. */
 
       *msg = tor_strdup("Problem with User value. See logs for details.");