[tor-commits] [tor/master] Explicitly chmod AF_UNIX sockets to 0600 when *GroupWritable isn't specified

nickm at torproject.org nickm at torproject.org
Tue Jan 13 18:11:45 UTC 2015


commit 066acaf6b9e5c38fc392e85c14457f338d3c1dff
Author: Andrea Shepard <andrea at torproject.org>
Date:   Tue Jan 13 00:27:04 2015 +0000

    Explicitly chmod AF_UNIX sockets to 0600 when *GroupWritable isn't specified
---
 src/or/connection.c |   10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/or/connection.c b/src/or/connection.c
index 0a7a6a8..a3c7019 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1244,6 +1244,16 @@ connection_listener_new(const struct sockaddr *listensockaddr,
         log_warn(LD_FS,"Unable to make %s group-writable.", address);
         goto err;
       }
+    } else if ((type == CONN_TYPE_CONTROL_LISTENER &&
+                !(options->ControlSocketsGroupWritable)) ||
+               (type == CONN_TYPE_AP_LISTENER &&
+                !(options->SocksSocketsGroupWritable))) {
+      /* We need to use chmod; fchmod doesn't work on sockets on all
+       * platforms. */
+      if (chmod(address, 0600) < 0) {
+        log_warn(LD_FS,"Unable to make %s group-writable.", address);
+        goto err;
+      }
     }
 
     if (listen(s, SOMAXCONN) < 0) {
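Review bot: The warning on the new `chmod(address, 0600)` failure path is copied from the group-writable branch above it, so a failure to tighten the socket to owner-only is logged as "Unable to make %s group-writable." An operator reading that log would look at the wrong option and might not realise the socket was left with whatever mode it was created with. A message such as `log_warn(LD_FS,"Unable to restrict %s to owner-only (0600): %s", address, strerror(errno));` says what failed and why. Separately, the chmod is by path and presumably runs after the bind() earlier in connection_listener_new (outside this hunk), so the socket may briefly exist with a umask-derived mode. A short comment noting that the containing directory's permissions are what cover that window would help the next reader.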




