commit 5d147d8527da3c8cff7f5ab5f0d0185d51fff79b Author: Nick Mathewson nickm@torproject.org Date: Fri May 13 15:40:03 2011 -0400
Add a new flag to check_private_dir to make it _not_ change permissions
We'll need this for checking permissions on the directories that hold control sockets: if somebody says "ControlSocket ~/foo", it would be pretty rude to do a chmod 700 on their homedir.
---
 src/common/util.c | 7 +++++++
 src/common/util.h | 1 +
 2 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/src/common/util.c b/src/common/util.c
index 3f81874..d84ed9c 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1670,6 +1670,8 @@ file_status(const char *fname)
 * check&CPD_CHECK, and we think we can create it, return 0. Else
 * return -1. If CPD_GROUP_OK is set, then it's okay if the directory
 * is group-readable, but in all cases we create the directory mode 0700.
+ * If CPD_CHECK_MODE_ONLY is set, then we don't alter the directory permissions
+ * if they are too permissive: we just return -1.
 */
 int
 check_private_dir(const char *dirname, cpd_check_t check)
@@ -1741,6 +1743,11 @@ check_private_dir(const char *dirname, cpd_check_t check)
 }
 if (st.st_mode & mask) {
 unsigned new_mode;
+ if (check & CPD_CHECK_MODE_ONLY) {
+ log_warn(LD_FS, "Permissions on directory %s are too permissive.",
+ dirname);
+ return -1;
+ }
 log_warn(LD_FS, "Fixing permissions on directory %s", dirname);
 new_mode = st.st_mode;
 new_mode |= 0700; /* Owner should have rwx */
diff --git a/src/common/util.h b/src/common/util.h
index f759532..f32709a 100644
--- a/src/common/util.h
+++ b/src/common/util.h
@@ -291,6 +291,7 @@ typedef unsigned int cpd_check_t;
 #define CPD_CREATE 1
 #define CPD_CHECK 2
 #define CPD_GROUP_OK 4
+#define CPD_CHECK_MODE_ONLY 8
 int check_private_dir(const char *dirname, cpd_check_t check);
 #define OPEN_FLAGS_REPLACE (O_WRONLY|O_CREAT|O_TRUNC)
 #define OPEN_FLAGS_APPEND (O_WRONLY|O_CREAT|O_APPEND)
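Review bot: The two added comment lines on check_private_dir do not say how CPD_CHECK_MODE_ONLY combines with the other flags, in particular whether a missing directory is still created mode 0700 when CPD_CREATE is also passed. They also leave unstated that the -1 returned here is the same value the comment gives for every other failure, so a caller cannot tell "too permissive" apart from those without reading the log. I would add a line such as `* CPD_CHECK_MODE_ONLY only affects an existing directory whose mode is too permissive; it does not change CPD_CREATE.`, once that is confirmed against the body, most of which lies outside these hunks. The same gap applies to the new `#define CPD_CHECK_MODE_ONLY 8` in the util.h hunk, where a short `/* never chmod; fail instead */` would help callers that only read the header.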
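Review bot: The new warning in the `CPD_CHECK_MODE_ONLY` branch says the directory is too permissive but not which bits are at fault, and since this path refuses rather than repairs, the operator has to work out the fix unaided. Consider reporting the bits, e.g. `log_warn(LD_FS, "Permissions on directory %s are too permissive (mode %o, disallowed bits %o).", dirname, (unsigned)(st.st_mode & 0777), (unsigned)(st.st_mode & mask));`. As far as this hunk shows, the test covers only the mode bits of the named directory at the moment of the call. For the control-socket use described in the commit message, a parent directory writable by another user, or a change between this check and the later socket creation, would not be caught here, so a 0 return should be read as no more than that. The body of check_private_dir starts and ends outside the hunk, so the mask computation and any ownership check are not visible.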