commit cfd0ee514c279bc6c7b7c299e001693a5aeb1f5f Author: Nick Mathewson nickm@torproject.org Date: Thu May 22 20:39:10 2014 -0400
sandbox: allow reading of hidden service configuration files.
fixes part of 12064 --- changes/bug12064_part2 | 5 +++++ src/or/main.c | 11 ++++++----- src/or/rendservice.c | 25 +++++++++++++++++++++++++ src/or/rendservice.h | 1 + 4 files changed, 37 insertions(+), 5 deletions(-)
diff --git a/changes/bug12064_part2 b/changes/bug12064_part2
new file mode 100644
index 0000000..4fa86a6
--- /dev/null
+++ b/changes/bug12064_part2
@@ -0,0 +1,5 @@
+ o Minor bugfixes (seccomp sandbox):
+ - Avoid warnings when running with sandboxing enabled at the same
+ time as cookie authentication, hidden services or directory
+ authority voting. Fixes part of 12064; bugfix on 0.2.5.1-alpha.
+
diff --git a/src/or/main.c b/src/or/main.c
index ba462dc..1c855d5 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2829,13 +2829,14 @@ sandbox_init_filter(void)
 );
{
- smartlist_t *logfiles = smartlist_new();
- tor_log_get_logfile_names(logfiles);
- SMARTLIST_FOREACH(logfiles, char *, logfile_name, {
+ smartlist_t *files = smartlist_new();
+ tor_log_get_logfile_names(files);
+ rend_services_add_filenames_to_list(files);
+ SMARTLIST_FOREACH(files, char *, file_name, {
 /* steals reference */
- sandbox_cfg_allow_open_filename(&cfg, logfile_name);
+ sandbox_cfg_allow_open_filename(&cfg, file_name);
 });
- smartlist_free(logfiles);
+ smartlist_free(files);
 }
{
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 5a81d07..631e2a0 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -656,6 +656,31 @@ rend_service_load_all_keys(void)
 return 0;
 }
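Review bot: In src/or/main.c the added `rend_services_add_filenames_to_list(files);` only contributes paths for services that already exist when sandbox_init_filter() runs, because the callee in rendservice.c returns without adding anything when `rend_service_list` is NULL. Whether hidden services are always configured before this point is not visible in the hunk, and a service whose directory is missing from the list would presumably have its key files refused by the sandbox with no hint at filter-build time. I would record the ordering requirement next to the call, for example `/* Requires rend_config_services() to have run: only services configured by now get their files allowed. */`. The rest of sandbox_init_filter() lies outside the hunk.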
+/** Add to <b>lst</b> every filename used by <b>s</b>. */
+static void
+rend_service_add_filenames_to_list(smartlist_t *lst, const rend_service_t *s)
+{
+ tor_assert(lst);
+ tor_assert(s);
+ smartlist_add_asprintf(lst, "%s"PATH_SEPARATOR"private_key",
+ s->directory);
+ smartlist_add_asprintf(lst, "%s"PATH_SEPARATOR"hostname",
+ s->directory);
+ smartlist_add_asprintf(lst, "%s"PATH_SEPARATOR"client_keys",
+ s->directory);
+}
+
+/** Add to <b>lst</b> every filename used by a configured hidden service */
+void
+rend_services_add_filenames_to_list(smartlist_t *lst)
+{
+ if (!rend_service_list)
+ return;
+ SMARTLIST_FOREACH_BEGIN(rend_service_list, rend_service_t *, s) {
+ rend_service_add_filenames_to_list(lst, s);
+ } SMARTLIST_FOREACH_END(s);
+}
+
 /** Load and/or generate private keys for the hidden service <b>s</b>,
 * possibly including keys for client authorization. Return 0 on success, -1
 * on failure. */
diff --git a/src/or/rendservice.h b/src/or/rendservice.h
index 4a810eb..e8a9536 100644
--- a/src/or/rendservice.h
+++ b/src/or/rendservice.h
@@ -71,6 +71,7 @@ struct rend_intro_cell_s {
 int num_rend_services(void);
 int rend_config_services(const or_options_t *options, int validate_only);
 int rend_service_load_all_keys(void);
+void rend_services_add_filenames_to_list(smartlist_t *lst);
 void rend_services_introduce(void);
 void rend_consider_services_upload(time_t now);
 void rend_hsdir_routers_changed(void);
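Review bot: The doc comment on rend_service_add_filenames_to_list() in src/or/rendservice.c does not say that each entry is a newly allocated string, nor which file accesses the list is meant to cover. The caller in main.c hands every entry to sandbox_cfg_allow_open_filename() under a `/* steals reference */` comment, so ownership matters, and only the three final names `private_key`, `hostname` and `client_keys` are listed; if any of them is written through a temporary name while the sandbox is active (not visible here), that name would not be on the allow-list. Suggested wording: `/** Add to <b>lst</b> a newly allocated path for each file kept in the directory of <b>s</b>; the caller takes ownership of the strings. Temporary names used while writing are not included. */`. The trailing context comment belongs to a function whose body is outside the hunk.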