Backport r16450 to 0.2.0.x: open /dev/pf before dropping privileges.

svn:r16726
2008-09-01 22:05:32 +00:00 · 2008-09-01 22:05:32 +00:00 · 6784c9e314
parent 278a89d75a
commit 6784c9e314
5 changed files with 21 additions and 3 deletions
--- a/4
+++ b/4
@ -22,6 +22,10 @@ Changes in version 0.2.0.31 - 2008-08-??
      trying session resumption at this point, but apparently some
      did, in ways that caused the handshake to fail.  Bugfix on
      0.2.0.20-rc.  Bug found by Geoff Goodell.
+    - When using the TransPort option on OpenBSD, and using the User
+      option to change UID and drop privileges, make sure to open
+      /dev/pf before dropping privileges.  Fixes bug 782.  Patch from
+      Christopher Davis.  Bugfix on 0.1.2.1-alpha.


 Changes in version 0.2.0.30 - 2008-07-15
--- a/doc/TODO.020
+++ b/doc/TODO.020
@ -11,7 +11,7 @@ Backport for 0.2.0 once better tested:
  o r15821: fix bug related to TLS session negotiation.
  o r16136: prevent circid collision.  [Also backport to 0.1.2.x??]
  - r16143: generate stream close events from connection_edge_destroy().
-  - r16450: open /dev/pf before dropping privileges.
+  o r16450: open /dev/pf before dropping privileges.
  - r16605: relays reject risky extend cells.
  - r16698: don't use a new entry guard that's also your exit.

--- a/src/or/config.c
+++ b/src/or/config.c
@ -1022,6 +1022,16 @@ options_act_reversible(or_options_t *old_options, char **msg)
    }
  }

+#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
+  /* Open /dev/pf before dropping privileges. */
+  if (options->TransPort) {
+    if (get_pf_socket() < 0) {
+      *msg = tor_strdup("Unable to open /dev/pf for transparent proxy.");
+      goto rollback;
+    }
+  }
+#endif
+
  /* Setuid/setgid as appropriate */
  if (options->User || options->Group) {
    /* XXXX021 We should only do this the first time through, not on
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@ -1636,11 +1636,11 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,

 #ifdef TRANS_PF
 static int pf_socket = -1;
-static int
+int
 get_pf_socket(void)
 {
  int pf;
-  /*  Ideally, this should be opened before dropping privs. */
+  /* This should be opened before dropping privs. */
  if (pf_socket >= 0)
    return pf_socket;

--- a/src/or/or.h
+++ b/src/or/or.h
@ -2856,6 +2856,10 @@ typedef enum hostname_type_t {
 } hostname_type_t;
 hostname_type_t parse_extended_hostname(char *address);

+#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
+int get_pf_socket(void);
+#endif
+
 /********************************* connection_or.c ***************************/

 void connection_or_remove_from_identity_map(or_connection_t *conn);