Ticket #17562: 0002-Introduce-DataDirectoryGroupReadable-boolean.patch


    From c60ea133362213f0b7d4572ac30ff0a2195918b7 Mon Sep 17 00:00:00 2001
    From: Jamie Nguyen <j@jamielinux.com>
    Date: Fri, 13 Nov 2015 14:18:26 +0000
    Subject: [PATCH 2/3] Introduce DataDirectoryGroupReadable boolean
    
    ---
     changes/bug17562-DataDirectoryGroupReadable |  3 +++
     doc/tor.1.txt                               |  5 +++++
     src/or/config.c                             | 17 ++++++++++++++++-
     src/or/or.h                                 |  1 +
     4 files changed, 25 insertions(+), 1 deletion(-)
     create mode 100644 changes/bug17562-DataDirectoryGroupReadable
    
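--- /dev/null
+++ b/changes/bug17562-DataDirectoryGroupReadable
@@ -0,0 +1,3 @@
+  o Minor bug fixes:
+    - Introduce DataDirectoryGroupReadable boolean. If set to 1, the
+      DataDirectory will be made readable by the default GID.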

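--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -350,6 +350,11 @@ GENERAL OPTIONS
 [[DataDirectory]] **DataDirectory** __DIR__::
     Store working data in DIR (Default: @LOCALSTATEDIR@/lib/tor)
 
+[[DataDirectoryGroupReadable]] **DataDirectoryGroupReadable** **0**|**1**::
+    If this option is set to 0, don't allow the filesystem group to read the
+    DataDirectory. If the option is set to 1, make the DataDirectory readable
+    by the default GID. (Default: 0)
+
 [[FallbackDir]] **FallbackDir** __address__:__port__ orport=__port__ id=__fingerprint__ [weight=__num__]::
     When we're unable to connect to any directory cache for directory info
     (usually because we don't know about any yet) we try a FallbackDir.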

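--- a/src/or/config.c
+++ b/src/or/config.c
@@ -212,6 +212,7 @@ static config_var_t option_vars_[] = {
   V(CookieAuthFile,              STRING,   NULL),
   V(CountPrivateBandwidth,       BOOL,     "0"),
   V(DataDirectory,               FILENAME, NULL),
+  V(DataDirectoryGroupReadable,  BOOL,     "0"),
   V(DisableNetwork,              BOOL,     "0"),
   V(DirAllowPrivateAddresses,    BOOL,     "0"),
   V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
@@ -1187,16 +1188,30 @@ options_act_reversible(const or_options_t *old_options, char **msg)
   }
 
   /* Ensure data directory is private; create if possible. */
+  cpd_check_t cpd_group_opts = CPD_NONE;
+  if (options->DataDirectoryGroupReadable)
+      cpd_group_opts = CPD_GROUP_READ;
   if (check_private_dir(options->DataDirectory,
-                        running_tor ? CPD_CREATE : CPD_CHECK,
+                        running_tor ?
+                        CPD_CREATE|cpd_group_opts : CPD_CHECK|cpd_group_opts,
                         options->User)<0) {
     tor_asprintf(msg,
               "Couldn't access/create private data directory \"%s\"",
               options->DataDirectory);
+
     goto done;
     /* No need to roll back, since you can't change the value. */
   }
 
+#ifndef _WIN32
+  if (options->DataDirectoryGroupReadable) {
+    /* Only new dirs created get new opts, also enforce group read. */
+    if (chmod(options->DataDirectory, 0750)) {
+      log_warn(LD_FS,"Unable to make %s group-readable.", options->DataDirectory);
+    }
+  }
+#endif
+
   /* Bail out at this point if we're not going to be a client or server:
    * we don't run Tor itself. */
   if (!running_tor)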
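Review bot: The `chmod()` block added under `#ifndef _WIN32` in the second hunk runs whenever DataDirectoryGroupReadable is set, including on the `!running_tor` path where the preceding check_private_dir() call is made in CPD_CHECK mode, so a configuration check that is not meant to start Tor still rewrites the directory mode. Guarding it with the same flag keeps check-only runs free of filesystem side effects: `if (running_tor && options->DataDirectoryGroupReadable) {`. The warning on failure drops the reason; `log_warn(LD_FS, "Unable to make %s group-readable: %s", options->DataDirectory, strerror(errno));` would make permission problems diagnosable. The chmod also operates on the path a second time after check_private_dir() has validated it, so the mode is applied to whatever the path resolves to at that moment rather than to the directory that was checked; if check_private_dir() already applies CPD_GROUP_READ to existing directories (not visible here), the separate chmod may be redundant. options_act_reversible() begins and ends outside the hunk.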

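--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3428,6 +3428,7 @@ typedef struct {
 
   char *DebugLogFile; /**< Where to send verbose log messages. */
   char *DataDirectory; /**< OR only: where to store long-term data. */
+  int DataDirectoryGroupReadable; /**< Boolean: Is the DataDirectory g+r? */
   char *Nickname; /**< OR only: nickname of this onion router. */
   char *Address; /**< OR only: configured address for this onion router. */
   char *PidFile; /**< Where to store PID of Tor process. */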