From c60ea133362213f0b7d4572ac30ff0a2195918b7 Mon Sep 17 00:00:00 2001 From: Jamie Nguyen Date: Fri, 13 Nov 2015 14:18:26 +0000 Subject: [PATCH 2/3] Introduce DataDirectoryGroupReadable boolean --- changes/bug17562-DataDirectoryGroupReadable | 3 +++ doc/tor.1.txt | 5 +++++ src/or/config.c | 17 ++++++++++++++++- src/or/or.h | 1 + 4 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 changes/bug17562-DataDirectoryGroupReadable diff --git a/changes/bug17562-DataDirectoryGroupReadable b/changes/bug17562-DataDirectoryGroupReadable new file mode 100644 index 0000000..524e5ef --- /dev/null +++ b/changes/bug17562-DataDirectoryGroupReadable @@ -0,0 +1,3 @@ + o Minor bug fixes: + - Introduce DataDirectoryGroupReadable boolean. If set to 1, the + DataDirectory will be made readable by the default GID. diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 916433b..00cac95 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -350,6 +350,11 @@ GENERAL OPTIONS [[DataDirectory]] **DataDirectory** __DIR__:: Store working data in DIR (Default: @LOCALSTATEDIR@/lib/tor) +[[DataDirectoryGroupReadable]] **DataDirectoryGroupReadable** **0**|**1**:: + If this option is set to 0, don't allow the filesystem group to read the + DataDirectory. If the option is set to 1, make the DataDirectory readable + by the default GID. (Default: 0) + [[FallbackDir]] **FallbackDir** __address__:__port__ orport=__port__ id=__fingerprint__ [weight=__num__]:: When we're unable to connect to any directory cache for directory info (usually because we don't know about any yet) we try a FallbackDir. diff --git a/src/or/config.c b/src/or/config.c index 22039b4..45293db 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -212,6 +212,7 @@ static config_var_t option_vars_[] = { V(CookieAuthFile, STRING, NULL), V(CountPrivateBandwidth, BOOL, "0"), V(DataDirectory, FILENAME, NULL), + V(DataDirectoryGroupReadable, BOOL, "0"), V(DisableNetwork, BOOL, "0"), V(DirAllowPrivateAddresses, BOOL, "0"), V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"), @@ -1187,16 +1188,30 @@ options_act_reversible(const or_options_t *old_options, char **msg) } /* Ensure data directory is private; create if possible. */ + cpd_check_t cpd_group_opts = CPD_NONE; + if (options->DataDirectoryGroupReadable) + cpd_group_opts = CPD_GROUP_READ; if (check_private_dir(options->DataDirectory, - running_tor ? CPD_CREATE : CPD_CHECK, + running_tor ? + CPD_CREATE|cpd_group_opts : CPD_CHECK|cpd_group_opts, options->User)<0) { tor_asprintf(msg, "Couldn't access/create private data directory \"%s\"", options->DataDirectory); + goto done; /* No need to roll back, since you can't change the value. */ } +#ifndef _WIN32 + if (options->DataDirectoryGroupReadable) { + /* Only new dirs created get new opts, also enforce group read. */ + if (chmod(options->DataDirectory, 0750)) { + log_warn(LD_FS,"Unable to make %s group-readable.", options->DataDirectory); + } + } +#endif + /* Bail out at this point if we're not going to be a client or server: * we don't run Tor itself. */ if (!running_tor) diff --git a/src/or/or.h b/src/or/or.h index 651d8be..112fe21 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3428,6 +3428,7 @@ typedef struct { char *DebugLogFile; /**< Where to send verbose log messages. */ char *DataDirectory; /**< OR only: where to store long-term data. */ + int DataDirectoryGroupReadable; /**< Boolean: Is the DataDirectory g+r? */ char *Nickname; /**< OR only: nickname of this onion router. */ char *Address; /**< OR only: configured address for this onion router. */ char *PidFile; /**< Where to store PID of Tor process. */ -- 2.5.0