commit 61dcd926aa8cc5080177eb48bcf9dc14a67e527a Author: Matthew Finkel Matthew.Finkel@gmail.com Date: Fri Mar 13 07:06:16 2015 +0000
Flag when a controlsocket is configured as WorldWritable --- src/or/config.c | 31 ++++++++++++++++++++++++------- 1 file changed, 24 insertions(+), 7 deletions(-)
diff --git a/src/or/config.c b/src/or/config.c index 8d29b8e..9c02f0c 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -549,7 +549,8 @@ static int parse_dir_fallback_line(const char *line, int validate_only); static void port_cfg_free(port_cfg_t *port); static int parse_ports(or_options_t *options, int validate_only, - char **msg_out, int *n_ports_out); + char **msg_out, int *n_ports_out, + int *world_writable_control_socket); static int check_server_ports(const smartlist_t *ports, const or_options_t *options);
@@ -1090,7 +1091,7 @@ options_act_reversible(const or_options_t *old_options, char **msg) }
/* Adjust the port configuration so we can launch listeners. */ - if (parse_ports(options, 0, msg, &n_ports)) { + if (parse_ports(options, 0, msg, &n_ports, NULL)) { if (!*msg) *msg = tor_strdup("Unexpected problem parsing port config"); goto rollback; @@ -2586,6 +2587,7 @@ options_validate(or_options_t *old_options, or_options_t *options, config_line_t *cl; const char *uname = get_uname(); int n_ports=0; + int world_writable_control_socket; #define REJECT(arg) \ STMT_BEGIN *msg = tor_strdup(arg); return -1; STMT_END #define COMPLAIN(arg) STMT_BEGIN log_warn(LD_CONFIG, arg); STMT_END @@ -2603,7 +2605,8 @@ options_validate(or_options_t *old_options, or_options_t *options, "for details.", uname); }
- if (parse_ports(options, 1, msg, &n_ports) < 0) + if (parse_ports(options, 1, msg, &n_ports, + &world_writable_control_socket) < 0) return -1;
if (parse_outbound_addresses(options, 1, msg) < 0) @@ -3381,13 +3384,16 @@ options_validate(or_options_t *old_options, or_options_t *options, } }
- if (options->ControlPort_set && !options->HashedControlPassword && + if ((options->ControlPort_set || world_writable_control_socket) && + !options->HashedControlPassword && !options->HashedControlSessionPassword && !options->CookieAuthentication) { - log_warn(LD_CONFIG, "ControlPort is open, but no authentication method " + log_warn(LD_CONFIG, "Control%s is %s, but no authentication method " "has been configured. This means that any program on your " "computer can reconfigure your Tor. That's bad! You should " - "upgrade your Tor controller as soon as possible."); + "upgrade your Tor controller as soon as possible.", + options->ControlPort_set ? "Port" : "Socket", + options->ControlPort_set ? "open" : "world writable"); }
if (options->CookieAuthFileGroupReadable && !options->CookieAuthFile) { @@ -6229,7 +6235,8 @@ count_real_listeners(const smartlist_t *ports, int listenertype) **/ static int parse_ports(or_options_t *options, int validate_only, - char **msg, int *n_ports_out) + char **msg, int *n_ports_out, + int *world_writable_control_socket) { smartlist_t *ports; int retval = -1; @@ -6358,6 +6365,16 @@ parse_ports(or_options_t *options, int validate_only, options->ExtORPort_set = !! count_real_listeners(ports, CONN_TYPE_EXT_OR_LISTENER);
+ if (world_writable_control_socket) { + SMARTLIST_FOREACH(ports, port_cfg_t *, p, + if (p->type == CONN_TYPE_CONTROL_LISTENER && + p->is_unix_addr && + p->is_world_writable) { + *world_writable_control_socket = 1; + break; + }); + } + if (!validate_only) { if (configured_ports) { SMARTLIST_FOREACH(configured_ports,