now that we drop privs more thoroughly, switch_id() is no longer

idempotent. so now we remember if we've succeeded, and if so we
don't even try.

svn:r17204

diff --git a/src/common/compat.c b/src/common/compat.c
index ecbae6ab0b2a01e48c1e8436311085d9566296e2..e8b7ab54a7da02e164b1234581e32e865c5a0626 100644 (file)
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -1026,9 +1026,13 @@ switch_id(const char *user)
   struct passwd *pw = NULL;
   uid_t old_uid;
   gid_t old_gid;
+  static int have_already_switched_id = 0;
 
   tor_assert(user);
 
+  if (have_already_switched_id)
+    return 0;
+
   /* Log the initial credential state */
   if (log_credential_status())
     return -1;
@@ -1117,6 +1121,7 @@ switch_id(const char *user)
     return -1;
   }
 
+  have_already_switched_id = 1; /* mark success so we never try again */
   return 0;
 
 #else

diff --git a/src/or/config.c b/src/or/config.c
index 66ee6cd52be8e09e6206a7bbb09505128fd5fef6..397d77b7d9b37b16ef84e3badc0d549c11848f9a 100644 (file)
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1084,8 +1084,6 @@ options_act_reversible(or_options_t *old_options, char **msg)
 
   /* Setuid/setgid as appropriate */
   if (options->User) {
-    /* XXXX021 We should only do this the first time through, not on
-     * every setconf. */
     if (switch_id(options->User) != 0) {
       /* No need to roll back, since you can't change the value. */
       *msg = tor_strdup("Problem with User value. See logs for details.");