[tor-commits] [tor/master] Disallow disabling DisableDebuggerAttachment on runnning Tor
nickm at torproject.org
nickm at torproject.org
Tue Jan 10 22:59:41 UTC 2012
commit 98959f63aca84e605fb98f10d943f2d28d627039
Author: Sebastian Hahn <sebastian at torproject.org>
Date: Thu Dec 8 09:19:09 2011 +0100
Disallow disabling DisableDebuggerAttachment on runnning Tor
Also, have tor_disable_debugger_attach() return a tristate of
success/failure/don't-know-how , and only log appropriately.
---
doc/tor.1.txt | 4 ++--
src/common/compat.c | 9 +++++----
src/or/config.c | 33 +++++++++++++++++++++++++++------
3 files changed, 34 insertions(+), 12 deletions(-)
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 91a7c69..fcc566e 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -282,8 +282,8 @@ Other options can be specified either on the command-line (--option
to alter the system wide ptrace scope as it may not even exist. If you wish
to attach to Tor with a debugger such as gdb or strace you will want to set
this to 0 for the duration of your debugging. Normal users should leave it
- on. (Default: 1)
-
+ on. Disabling this option while Tor is running is prohibited. (Default: 1)
+
**FetchDirInfoEarly** **0**|**1**::
If set to 1, Tor will always fetch directory information like other
directory caches, even if you don't meet the normal criteria for fetching
diff --git a/src/common/compat.c b/src/common/compat.c
index 27e0060..ff9d877 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -1542,8 +1542,8 @@ switch_id(const char *user)
* CAP_SYS_PTRACE and so it is very likely that root will still be able to
* attach to the Tor process.
*/
-/** Attempt to disable debugger attachment: return 0 on success, -1 on
- * failure. */
+/** Attempt to disable debugger attachment: return 1 on success, -1 on
+ * failure, and 0 if we don't know how to try on this platform. */
int
tor_disable_debugger_attach(void)
{
@@ -1568,11 +1568,12 @@ tor_disable_debugger_attach(void)
// XXX: TODO - Mac OS X has dtrace and this may be disabled.
// XXX: TODO - Windows probably has something similar
- if (r == 0) {
+ if (r == 0 && attempted) {
log_debug(LD_CONFIG,"Debugger attachment disabled for "
"unprivileged users.");
+ return 1;
} else if (attempted) {
- log_warn(LD_CONFIG, "Unable to disable ptrace attach: %s",
+ log_warn(LD_CONFIG, "Unable to disable debugger attaching: %s",
strerror(errno));
}
return r;
diff --git a/src/or/config.c b/src/or/config.c
index 740a9db..b118f30 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1326,12 +1326,26 @@ options_act(const or_options_t *old_options)
const int transition_affects_workers =
old_options && options_transition_affects_workers(old_options, options);
- /* disable ptrace and later, other basic debugging techniques */
- if (options->DisableDebuggerAttachment) {
- tor_disable_debugger_attach();
- } else {
- log_notice(LD_CONFIG,"Debugger attachment enabled "
- "for unprivileged users.");
+ /* disable ptrace and later, other basic debugging techniques */
+ {
+ /* Remember if we already disabled debugger attachment */
+ static int disabled_debugger_attach = 0;
+ /* Remember if we already warned about being configured not to disable
+ * debugger attachment */
+ static int warned_debugger_attach = 0;
+ if (options->DisableDebuggerAttachment && !disabled_debugger_attach) {
+ int ok = tor_disable_debugger_attach();
+ if (warned_debugger_attach && ok == 1) {
+ log_notice(LD_CONFIG, "Disabled attaching debuggers for unprivileged "
+ "users.");
+ }
+ disabled_debugger_attach = (ok == 1);
+ } else if (!options->DisableDebuggerAttachment &&
+ !warned_debugger_attach) {
+ log_notice(LD_CONFIG, "Not disabling debugger attaching for "
+ "unprivileged users.");
+ warned_debugger_attach = 1;
+ }
}
if (running_tor && !have_lockfile()) {
@@ -4170,6 +4184,13 @@ options_transition_allowed(const or_options_t *old,
return -1;
}
+ if (old->DisableDebuggerAttachment &&
+ !new_val->DisableDebuggerAttachment) {
+ *msg = tor_strdup("While Tor is running, disabling "
+ "DisableDebuggerAttachment is not allowed.");
+ return -1;
+ }
+
return 0;
}
More information about the tor-commits
mailing list