r13186@catbus: nickm | 2007-06-03 19:00:20 -0400

Bind ports before setuid/setgid. svn:r10473
2007-06-03 23:00:26 +00:00 · 2007-06-03 23:00:26 +00:00 · d3ee41619c
parent 147e439c94
commit d3ee41619c
3 changed files with 32 additions and 21 deletions
--- a/7
+++ b/7
@ -1,5 +1,10 @@
 Changes in version 0.2.0.3-alpha - 2007-??-??
-  o Minor bugfixes ():
+  o Minor features:
+    - Create listener connections before we setuid to the configured User and
+      Group.  This way, you can choose port values under 1024, start Tor as
+      root, and have Tor bind those ports before it changes to another UID.
+
+  o Minor bugfixes (dns):
    - Fix a crash when DNSPort is set more than once. (Patch from Robert
      Hogan.)

--- a/doc/TODO
+++ b/doc/TODO
@ -246,7 +246,7 @@ Things we'd like to do in 0.2.0.x:
        - Teach exit policies about ipv6 (consider ipv4/ipv6 interaction!)
        - ...
    - Let servers decide to support BEGIN_DIR but not DirPort.
-    - Tor should bind its ports before dropping privs, so users don't
+    o Tor should bind its ports before dropping privs, so users don't
      have to do the ipchains dance.
    - Blocking-resistance.
    - It would be potentially helpful to https requests on the OR port by
--- a/src/or/config.c
+++ b/src/or/config.c
@ -804,11 +804,36 @@ options_act_reversible(or_options_t *old_options, char **msg)
  int r = -1;
  int logs_marked = 0;

+  /* Daemonize _first_, since we only want to open most of this stuff in
+   * the subprocess. */
  if (running_tor && options->RunAsDaemon) {
    /* No need to roll back, since you can't change the value. */
    start_daemon();
  }

+  /* We need to set the connection limit before we can open the listeners. */
+  options->_ConnLimit =
+    set_max_file_descriptors((unsigned)options->ConnLimit, MAXCONNECTIONS);
+  if (options->_ConnLimit < 0) {
+    *msg = tor_strdup("Problem with ConnLimit value. See logs for details.");
+    goto rollback;
+  }
+  set_conn_limit = 1;
+
+  /* Set up libevent.  (We need to do this before we can register the
+   * listeners as listeners.) */
+  if (running_tor && !libevent_initialized) {
+    init_libevent();
+    libevent_initialized = 1;
+  }
+
+  /* Launch the listeners.  (We do this before we setuid, so we can bind to
+   * ports under 1024.) */
+  if (retry_all_listeners(0, replaced_listeners, new_listeners) < 0) {
+    *msg = tor_strdup("Failed to bind one of the listener ports.");
+    goto rollback;
+  }
+
  /* Setuid/setgid as appropriate */
  if (options->User || options->Group) {
    if (switch_id(options->User, options->Group) != 0) {
@ -819,12 +844,6 @@ options_act_reversible(or_options_t *old_options, char **msg)
    }
  }

-  /* Set up libevent. */
-  if (running_tor && !libevent_initialized) {
-    init_libevent();
-    libevent_initialized = 1;
-  }
-
  /* Ensure data directory is private; create if possible. */
  if (check_private_dir(options->DataDirectory, CPD_CREATE)<0) {
    char buf[1024];
@ -841,19 +860,6 @@ options_act_reversible(or_options_t *old_options, char **msg)
  if (options->command != CMD_RUN_TOR)
    goto commit;

-  options->_ConnLimit =
-    set_max_file_descriptors((unsigned)options->ConnLimit, MAXCONNECTIONS);
-  if (options->_ConnLimit < 0) {
-    *msg = tor_strdup("Problem with ConnLimit value. See logs for details.");
-    goto rollback;
-  }
-  set_conn_limit = 1;
-
-  if (retry_all_listeners(0, replaced_listeners, new_listeners) < 0) {
-    *msg = tor_strdup("Failed to bind one of the listener ports.");
-    goto rollback;
-  }
-
  mark_logs_temp(); /* Close current logs once new logs are open. */
  logs_marked = 1;
  if (options_init_logs(options, 0)<0) { /* Configure the log(s) */