Commit d3ee4161 authored by Nick Mathewson's avatar Nick Mathewson 🎨
Browse files

r13186@catbus: nickm | 2007-06-03 19:00:20 -0400

 Bind ports before setuid/setgid.


svn:r10473
parent 147e439c
Changes in version 0.2.0.3-alpha - 2007-??-??
o Minor bugfixes ():
o Minor features:
- Create listener connections before we setuid to the configured User and
Group. This way, you can choose port values under 1024, start Tor as
root, and have Tor bind those ports before it changes to another UID.
o Minor bugfixes (dns):
- Fix a crash when DNSPort is set more than once. (Patch from Robert
Hogan.)
......
......@@ -246,7 +246,7 @@ Things we'd like to do in 0.2.0.x:
- Teach exit policies about ipv6 (consider ipv4/ipv6 interaction!)
- ...
- Let servers decide to support BEGIN_DIR but not DirPort.
- Tor should bind its ports before dropping privs, so users don't
o Tor should bind its ports before dropping privs, so users don't
have to do the ipchains dance.
- Blocking-resistance.
- It would be potentially helpful to https requests on the OR port by
......
......@@ -804,11 +804,36 @@ options_act_reversible(or_options_t *old_options, char **msg)
int r = -1;
int logs_marked = 0;
/* Daemonize _first_, since we only want to open most of this stuff in
* the subprocess. */
if (running_tor && options->RunAsDaemon) {
/* No need to roll back, since you can't change the value. */
start_daemon();
}
/* We need to set the connection limit before we can open the listeners. */
options->_ConnLimit =
set_max_file_descriptors((unsigned)options->ConnLimit, MAXCONNECTIONS);
if (options->_ConnLimit < 0) {
*msg = tor_strdup("Problem with ConnLimit value. See logs for details.");
goto rollback;
}
set_conn_limit = 1;
/* Set up libevent. (We need to do this before we can register the
* listeners as listeners.) */
if (running_tor && !libevent_initialized) {
init_libevent();
libevent_initialized = 1;
}
/* Launch the listeners. (We do this before we setuid, so we can bind to
* ports under 1024.) */
if (retry_all_listeners(0, replaced_listeners, new_listeners) < 0) {
*msg = tor_strdup("Failed to bind one of the listener ports.");
goto rollback;
}
/* Setuid/setgid as appropriate */
if (options->User || options->Group) {
if (switch_id(options->User, options->Group) != 0) {
......@@ -819,12 +844,6 @@ options_act_reversible(or_options_t *old_options, char **msg)
}
}
/* Set up libevent. */
if (running_tor && !libevent_initialized) {
init_libevent();
libevent_initialized = 1;
}
/* Ensure data directory is private; create if possible. */
if (check_private_dir(options->DataDirectory, CPD_CREATE)<0) {
char buf[1024];
......@@ -841,19 +860,6 @@ options_act_reversible(or_options_t *old_options, char **msg)
if (options->command != CMD_RUN_TOR)
goto commit;
options->_ConnLimit =
set_max_file_descriptors((unsigned)options->ConnLimit, MAXCONNECTIONS);
if (options->_ConnLimit < 0) {
*msg = tor_strdup("Problem with ConnLimit value. See logs for details.");
goto rollback;
}
set_conn_limit = 1;
if (retry_all_listeners(0, replaced_listeners, new_listeners) < 0) {
*msg = tor_strdup("Failed to bind one of the listener ports.");
goto rollback;
}
mark_logs_temp(); /* Close current logs once new logs are open. */
logs_marked = 1;
if (options_init_logs(options, 0)<0) { /* Configure the log(s) */
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment