From bb75e20839eaa787a51cd3811095631a97a581e1 Mon Sep 17 00:00:00 2001 From: Jamie Nguyen Date: Aug 21 2016 14:46:08 +0000 Subject: Remove upstreamed patches --- diff --git a/0001-Permit-filesystem-group-to-be-root.patch b/0001-Permit-filesystem-group-to-be-root.patch deleted file mode 100644 index a6eb6e7..0000000 --- a/0001-Permit-filesystem-group-to-be-root.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 8b43cb98bf31a30c5d0ee5c580520797697078b2 Mon Sep 17 00:00:00 2001 -From: Jamie Nguyen -Date: Fri, 13 Nov 2015 14:17:02 +0000 -Subject: [PATCH 1/3] Permit filesystem group to be root - ---- - changes/bug17562-allow-root-group-read | 6 ++++++ - src/common/util.c | 2 +- - 2 files changed, 7 insertions(+), 1 deletion(-) - create mode 100644 changes/bug17562-allow-root-group-read - -diff --git a/changes/bug17562-allow-root-group-read b/changes/bug17562-allow-root-group-read -new file mode 100644 -index 0000000..7a0903c ---- /dev/null -+++ b/changes/bug17562-allow-root-group-read -@@ -0,0 +1,6 @@ -+ o Minor bug fixes: -+ - If any directory created by Tor is marked as group readable, the -+ filesystem group is allowed to be either the default GID or the root -+ user. Allowing root to read the DataDirectory prevents the need for -+ CAP_READ_SEARCH when using systemd's CapabilityBoundingSet, or -+ dac_read_search when using SELinux. -diff --git a/src/common/util.c b/src/common/util.c -index b33c80f..c0178a3 100644 ---- a/src/common/util.c -+++ b/src/common/util.c -@@ -2116,7 +2116,7 @@ check_private_dir(const char *dirname, cpd_check_t check, - return -1; - } - if ( (check & (CPD_GROUP_OK|CPD_GROUP_READ)) -- && (st.st_gid != running_gid) ) { -+ && (st.st_gid != running_gid) && (st.st_gid != 0)) { - struct group *gr; - char *process_groupname = NULL; - gr = getgrgid(running_gid); --- -2.5.0 - diff --git a/0002-Introduce-DataDirectoryGroupReadable-boolean.patch b/0002-Introduce-DataDirectoryGroupReadable-boolean.patch deleted file mode 100644 index f5b62bd..0000000 --- a/0002-Introduce-DataDirectoryGroupReadable-boolean.patch +++ /dev/null @@ -1,97 +0,0 @@ -From c60ea133362213f0b7d4572ac30ff0a2195918b7 Mon Sep 17 00:00:00 2001 -From: Jamie Nguyen -Date: Fri, 13 Nov 2015 14:18:26 +0000 -Subject: [PATCH 2/3] Introduce DataDirectoryGroupReadable boolean - ---- - changes/bug17562-DataDirectoryGroupReadable | 3 +++ - doc/tor.1.txt | 5 +++++ - src/or/config.c | 17 ++++++++++++++++- - src/or/or.h | 1 + - 4 files changed, 25 insertions(+), 1 deletion(-) - create mode 100644 changes/bug17562-DataDirectoryGroupReadable - -diff --git a/changes/bug17562-DataDirectoryGroupReadable b/changes/bug17562-DataDirectoryGroupReadable -new file mode 100644 -index 0000000..524e5ef ---- /dev/null -+++ b/changes/bug17562-DataDirectoryGroupReadable -@@ -0,0 +1,3 @@ -+ o Minor bug fixes: -+ - Introduce DataDirectoryGroupReadable boolean. If set to 1, the -+ DataDirectory will be made readable by the default GID. -diff --git a/doc/tor.1.txt b/doc/tor.1.txt -index 916433b..00cac95 100644 ---- a/doc/tor.1.txt -+++ b/doc/tor.1.txt -@@ -350,6 +350,11 @@ GENERAL OPTIONS - [[DataDirectory]] **DataDirectory** __DIR__:: - Store working data in DIR (Default: @LOCALSTATEDIR@/lib/tor) - -+[[DataDirectoryGroupReadable]] **DataDirectoryGroupReadable** **0**|**1**:: -+ If this option is set to 0, don't allow the filesystem group to read the -+ DataDirectory. If the option is set to 1, make the DataDirectory readable -+ by the default GID. (Default: 0) -+ - [[FallbackDir]] **FallbackDir** __address__:__port__ orport=__port__ id=__fingerprint__ [weight=__num__]:: - When we're unable to connect to any directory cache for directory info - (usually because we don't know about any yet) we try a FallbackDir. -diff --git a/src/or/config.c b/src/or/config.c -index 22039b4..45293db 100644 ---- a/src/or/config.c -+++ b/src/or/config.c -@@ -212,6 +212,7 @@ static config_var_t option_vars_[] = { - V(CookieAuthFile, STRING, NULL), - V(CountPrivateBandwidth, BOOL, "0"), - V(DataDirectory, FILENAME, NULL), -+ V(DataDirectoryGroupReadable, BOOL, "0"), - V(DisableNetwork, BOOL, "0"), - V(DirAllowPrivateAddresses, BOOL, "0"), - V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"), -@@ -1187,16 +1188,30 @@ options_act_reversible(const or_options_t *old_options, char **msg) - } - - /* Ensure data directory is private; create if possible. */ -+ cpd_check_t cpd_group_opts = CPD_NONE; -+ if (options->DataDirectoryGroupReadable) -+ cpd_group_opts = CPD_GROUP_READ; - if (check_private_dir(options->DataDirectory, -- running_tor ? CPD_CREATE : CPD_CHECK, -+ running_tor ? -+ CPD_CREATE|cpd_group_opts : CPD_CHECK|cpd_group_opts, - options->User)<0) { - tor_asprintf(msg, - "Couldn't access/create private data directory \"%s\"", - options->DataDirectory); -+ - goto done; - /* No need to roll back, since you can't change the value. */ - } - -+#ifndef _WIN32 -+ if (options->DataDirectoryGroupReadable) { -+ /* Only new dirs created get new opts, also enforce group read. */ -+ if (chmod(options->DataDirectory, 0750)) { -+ log_warn(LD_FS,"Unable to make %s group-readable.", options->DataDirectory); -+ } -+ } -+#endif -+ - /* Bail out at this point if we're not going to be a client or server: - * we don't run Tor itself. */ - if (!running_tor) -diff --git a/src/or/or.h b/src/or/or.h -index 651d8be..112fe21 100644 ---- a/src/or/or.h -+++ b/src/or/or.h -@@ -3428,6 +3428,7 @@ typedef struct { - - char *DebugLogFile; /**< Where to send verbose log messages. */ - char *DataDirectory; /**< OR only: where to store long-term data. */ -+ int DataDirectoryGroupReadable; /**< Boolean: Is the DataDirectory g+r? */ - char *Nickname; /**< OR only: nickname of this onion router. */ - char *Address; /**< OR only: configured address for this onion router. */ - char *PidFile; /**< Where to store PID of Tor process. */ --- -2.5.0 - diff --git a/0003-Defer-creation-of-Unix-socket-until-after-setuid.patch b/0003-Defer-creation-of-Unix-socket-until-after-setuid.patch deleted file mode 100644 index 871b3d6..0000000 --- a/0003-Defer-creation-of-Unix-socket-until-after-setuid.patch +++ /dev/null @@ -1,43 +0,0 @@ -From c4fbdc2d3a0d3e54bb9ad1238be87390bd04dc9b Mon Sep 17 00:00:00 2001 -From: Jamie Nguyen -Date: Fri, 13 Nov 2015 13:57:11 +0000 -Subject: [PATCH 3/3] Defer creation of Unix socket until after setuid - ---- - changes/bug17562-defer-unix-socket-creation | 4 ++++ - src/or/connection.c | 8 ++++++++ - 2 files changed, 12 insertions(+) - create mode 100644 changes/bug17562-defer-unix-socket-creation - -diff --git a/changes/bug17562-defer-unix-socket-creation b/changes/bug17562-defer-unix-socket-creation -new file mode 100644 -index 0000000..f1896c0 ---- /dev/null -+++ b/changes/bug17562-defer-unix-socket-creation -@@ -0,0 +1,4 @@ -+ o Minor bug fixes: -+ - Defer creation of Unix sockets until after setuid. This avoids needing -+ CAP_CHOWN and CAP_FOWNER when using systemd's CapabilityBoundingSet, or -+ chown and fowner when using SELinux. -diff --git a/src/or/connection.c b/src/or/connection.c -index 78176d3..f2a82dd 100644 ---- a/src/or/connection.c -+++ b/src/or/connection.c -@@ -2381,6 +2381,14 @@ retry_listener_ports(smartlist_t *old_conns, - if (port->server_cfg.no_listen) - continue; - -+#ifndef _WIN32 -+ /* We don't need to be root to create a UNIX socket, so defer until after -+ * setuid. */ -+ const or_options_t *options = get_options(); -+ if (port->is_unix_addr && !geteuid() && strcmp(options->User, "root")) -+ continue; -+#endif -+ - if (port->is_unix_addr) { - listensockaddr = (struct sockaddr *) - create_unix_sockaddr(port->unix_addr, --- -2.5.0 - diff --git a/0004-Simplify-cpd_opts-usage.patch b/0004-Simplify-cpd_opts-usage.patch deleted file mode 100644 index 00cf5f1..0000000 --- a/0004-Simplify-cpd_opts-usage.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 01334589f1eae801b4ed8fb72fe3816ad5b0fe78 Mon Sep 17 00:00:00 2001 -From: Nick Mathewson -Date: Thu, 10 Dec 2015 20:02:22 -0500 -Subject: [PATCH 4/5] Simplify cpd_opts usage. - ---- - src/or/config.c | 7 +++---- - 1 file changed, 3 insertions(+), 4 deletions(-) - -diff --git a/src/or/config.c b/src/or/config.c -index d9ba774..c6d4de3 100644 ---- a/src/or/config.c -+++ b/src/or/config.c -@@ -1187,12 +1187,11 @@ options_act_reversible(const or_options_t *old_options, char **msg) - } - - /* Ensure data directory is private; create if possible. */ -- cpd_check_t cpd_group_opts = CPD_NONE; -+ cpd_check_t cpd_opts = running_tor ? CPD_CREATE : CPD_CHECK; - if (options->DataDirectoryGroupReadable) -- cpd_group_opts = CPD_GROUP_READ; -+ cpd_opts |= CPD_GROUP_READ; - if (check_private_dir(options->DataDirectory, -- running_tor ? -- CPD_CREATE|cpd_group_opts : CPD_CHECK|cpd_group_opts, -+ cpd_opts, - options->User)<0) { - tor_asprintf(msg, - "Couldn't access/create private data directory \"%s\"", --- -2.5.0 - diff --git a/0005-Fix-wide-line-log-why-chmod-failed.patch b/0005-Fix-wide-line-log-why-chmod-failed.patch deleted file mode 100644 index a07331b..0000000 --- a/0005-Fix-wide-line-log-why-chmod-failed.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 4b0e9fff27acec544615810138e678869fcdd280 Mon Sep 17 00:00:00 2001 -From: Nick Mathewson -Date: Thu, 10 Dec 2015 20:03:37 -0500 -Subject: [PATCH 5/5] Fix wide line; log why chmod failed. - ---- - src/or/config.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/or/config.c b/src/or/config.c -index c6d4de3..7b42c9f 100644 ---- a/src/or/config.c -+++ b/src/or/config.c -@@ -1205,7 +1205,8 @@ options_act_reversible(const or_options_t *old_options, char **msg) - if (options->DataDirectoryGroupReadable) { - /* Only new dirs created get new opts, also enforce group read. */ - if (chmod(options->DataDirectory, 0750)) { -- log_warn(LD_FS,"Unable to make %s group-readable.", options->DataDirectory); -+ log_warn(LD_FS,"Unable to make %s group-readable: %s", -+ options->DataDirectory, strerror(errno)); - } - } - #endif --- -2.5.0 -