From c60ea133362213f0b7d4572ac30ff0a2195918b7 Mon Sep 17 00:00:00 2001
From: Jamie Nguyen <j@jamielinux.com>
Date: Fri, 13 Nov 2015 14:18:26 +0000
Subject: [PATCH 2/3] Introduce DataDirectoryGroupReadable boolean
---
changes/bug17562-DataDirectoryGroupReadable | 3 +++
doc/tor.1.txt | 5 +++++
src/or/config.c | 17 ++++++++++++++++-
src/or/or.h | 1 +
4 files changed, 25 insertions(+), 1 deletion(-)
create mode 100644 changes/bug17562-DataDirectoryGroupReadable
diff --git a/changes/bug17562-DataDirectoryGroupReadable b/changes/bug17562-DataDirectoryGroupReadable
new file mode 100644
index 0000000..524e5ef
--- /dev/null
+++ b/changes/bug17562-DataDirectoryGroupReadable
@@ -0,0 +1,3 @@
+ o Minor bug fixes:
+ - Introduce DataDirectoryGroupReadable boolean. If set to 1, the
+ DataDirectory will be made readable by the default GID.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 916433b..00cac95 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -350,6 +350,11 @@ GENERAL OPTIONS
[[DataDirectory]] **DataDirectory** __DIR__::
Store working data in DIR (Default: @LOCALSTATEDIR@/lib/tor)
+[[DataDirectoryGroupReadable]] **DataDirectoryGroupReadable** **0**|**1**::
+ If this option is set to 0, don't allow the filesystem group to read the
+ DataDirectory. If the option is set to 1, make the DataDirectory readable
+ by the default GID. (Default: 0)
+
[[FallbackDir]] **FallbackDir** __address__:__port__ orport=__port__ id=__fingerprint__ [weight=__num__]::
When we're unable to connect to any directory cache for directory info
(usually because we don't know about any yet) we try a FallbackDir.
diff --git a/src/or/config.c b/src/or/config.c
index 22039b4..45293db 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -212,6 +212,7 @@ static config_var_t option_vars_[] = {
V(CookieAuthFile, STRING, NULL),
V(CountPrivateBandwidth, BOOL, "0"),
V(DataDirectory, FILENAME, NULL),
+ V(DataDirectoryGroupReadable, BOOL, "0"),
V(DisableNetwork, BOOL, "0"),
V(DirAllowPrivateAddresses, BOOL, "0"),
V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
@@ -1187,16 +1188,30 @@ options_act_reversible(const or_options_t *old_options, char **msg)
}
/* Ensure data directory is private; create if possible. */
+ cpd_check_t cpd_group_opts = CPD_NONE;
+ if (options->DataDirectoryGroupReadable)
+ cpd_group_opts = CPD_GROUP_READ;
if (check_private_dir(options->DataDirectory,
- running_tor ? CPD_CREATE : CPD_CHECK,
+ running_tor ?
+ CPD_CREATE|cpd_group_opts : CPD_CHECK|cpd_group_opts,
options->User)<0) {
tor_asprintf(msg,
"Couldn't access/create private data directory \"%s\"",
options->DataDirectory);
+
goto done;
/* No need to roll back, since you can't change the value. */
}
+#ifndef _WIN32
+ if (options->DataDirectoryGroupReadable) {
+ /* Only new dirs created get new opts, also enforce group read. */
+ if (chmod(options->DataDirectory, 0750)) {
+ log_warn(LD_FS,"Unable to make %s group-readable.", options->DataDirectory);
+ }
+ }
+#endif
+
/* Bail out at this point if we're not going to be a client or server:
* we don't run Tor itself. */
if (!running_tor)
diff --git a/src/or/or.h b/src/or/or.h
index 651d8be..112fe21 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3428,6 +3428,7 @@ typedef struct {
char *DebugLogFile; /**< Where to send verbose log messages. */
char *DataDirectory; /**< OR only: where to store long-term data. */
+ int DataDirectoryGroupReadable; /**< Boolean: Is the DataDirectory g+r? */
char *Nickname; /**< OR only: nickname of this onion router. */
char *Address; /**< OR only: configured address for this onion router. */
char *PidFile; /**< Where to store PID of Tor process. */
--
2.5.0