r13186@catbus: nickm | 2007-06-03 19:00:20 -0400
Bind ports before setuid/setgid. svn:r10473
This commit is contained in:
parent
147e439c94
commit
d3ee41619c
|
@ -1,5 +1,10 @@
|
|||
Changes in version 0.2.0.3-alpha - 2007-??-??
|
||||
o Minor bugfixes ():
|
||||
o Minor features:
|
||||
- Create listener connections before we setuid to the configured User and
|
||||
Group. This way, you can choose port values under 1024, start Tor as
|
||||
root, and have Tor bind those ports before it changes to another UID.
|
||||
|
||||
o Minor bugfixes (dns):
|
||||
- Fix a crash when DNSPort is set more than once. (Patch from Robert
|
||||
Hogan.)
|
||||
|
||||
|
|
2
doc/TODO
2
doc/TODO
|
@ -246,7 +246,7 @@ Things we'd like to do in 0.2.0.x:
|
|||
- Teach exit policies about ipv6 (consider ipv4/ipv6 interaction!)
|
||||
- ...
|
||||
- Let servers decide to support BEGIN_DIR but not DirPort.
|
||||
- Tor should bind its ports before dropping privs, so users don't
|
||||
o Tor should bind its ports before dropping privs, so users don't
|
||||
have to do the ipchains dance.
|
||||
- Blocking-resistance.
|
||||
- It would be potentially helpful to https requests on the OR port by
|
||||
|
|
|
@ -804,11 +804,36 @@ options_act_reversible(or_options_t *old_options, char **msg)
|
|||
int r = -1;
|
||||
int logs_marked = 0;
|
||||
|
||||
/* Daemonize _first_, since we only want to open most of this stuff in
|
||||
* the subprocess. */
|
||||
if (running_tor && options->RunAsDaemon) {
|
||||
/* No need to roll back, since you can't change the value. */
|
||||
start_daemon();
|
||||
}
|
||||
|
||||
/* We need to set the connection limit before we can open the listeners. */
|
||||
options->_ConnLimit =
|
||||
set_max_file_descriptors((unsigned)options->ConnLimit, MAXCONNECTIONS);
|
||||
if (options->_ConnLimit < 0) {
|
||||
*msg = tor_strdup("Problem with ConnLimit value. See logs for details.");
|
||||
goto rollback;
|
||||
}
|
||||
set_conn_limit = 1;
|
||||
|
||||
/* Set up libevent. (We need to do this before we can register the
|
||||
* listeners as listeners.) */
|
||||
if (running_tor && !libevent_initialized) {
|
||||
init_libevent();
|
||||
libevent_initialized = 1;
|
||||
}
|
||||
|
||||
/* Launch the listeners. (We do this before we setuid, so we can bind to
|
||||
* ports under 1024.) */
|
||||
if (retry_all_listeners(0, replaced_listeners, new_listeners) < 0) {
|
||||
*msg = tor_strdup("Failed to bind one of the listener ports.");
|
||||
goto rollback;
|
||||
}
|
||||
|
||||
/* Setuid/setgid as appropriate */
|
||||
if (options->User || options->Group) {
|
||||
if (switch_id(options->User, options->Group) != 0) {
|
||||
|
@ -819,12 +844,6 @@ options_act_reversible(or_options_t *old_options, char **msg)
|
|||
}
|
||||
}
|
||||
|
||||
/* Set up libevent. */
|
||||
if (running_tor && !libevent_initialized) {
|
||||
init_libevent();
|
||||
libevent_initialized = 1;
|
||||
}
|
||||
|
||||
/* Ensure data directory is private; create if possible. */
|
||||
if (check_private_dir(options->DataDirectory, CPD_CREATE)<0) {
|
||||
char buf[1024];
|
||||
|
@ -841,19 +860,6 @@ options_act_reversible(or_options_t *old_options, char **msg)
|
|||
if (options->command != CMD_RUN_TOR)
|
||||
goto commit;
|
||||
|
||||
options->_ConnLimit =
|
||||
set_max_file_descriptors((unsigned)options->ConnLimit, MAXCONNECTIONS);
|
||||
if (options->_ConnLimit < 0) {
|
||||
*msg = tor_strdup("Problem with ConnLimit value. See logs for details.");
|
||||
goto rollback;
|
||||
}
|
||||
set_conn_limit = 1;
|
||||
|
||||
if (retry_all_listeners(0, replaced_listeners, new_listeners) < 0) {
|
||||
*msg = tor_strdup("Failed to bind one of the listener ports.");
|
||||
goto rollback;
|
||||
}
|
||||
|
||||
mark_logs_temp(); /* Close current logs once new logs are open. */
|
||||
logs_marked = 1;
|
||||
if (options_init_logs(options, 0)<0) { /* Configure the log(s) */
|
||||
|
|
Loading…
Reference in New Issue