]> git.ipfire.org Git - thirdparty/tor.git/commitdiff
projects / thirdparty / tor.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c7514b9)
fix sandbox for bandwidth authority
authorPeter Palfrader <weasel@debian.org>
Fri, 7 Jun 2024 17:29:52 +0000 (19:29 +0200)
committertrinity-1686a <trinity@deuxfleurs.fr>
Fri, 7 Jun 2024 17:38:10 +0000 (19:38 +0200)
changes/bug40933 [new file with mode: 0644] patch | blob
src/app/main/main.c patch | blob | blame | history
src/lib/fs/files.c patch | blob | blame | history

diff --git a/changes/bug40933 b/changes/bug40933
new file mode 100644 (file)
index 0000000..c4f9eb0
--- /dev/null
+++ b/changes/bug40933
@@ -0,0 +1,3 @@
+  o Minor bugfixes (sandbox, bwauth):
+    - Fix sandbox to work for bandwidth authority. Fixes bug 40933; bugfix on
+      0.2.2.1-alpha
diff --git a/src/app/main/main.c b/src/app/main/main.c
index a50a0aad6f7e48e627b1aae4dfdb7094ff36a7bd..6d05bd1f5e2489473e19f793ee964e9aeef82949 100644 (file)
--- a/src/app/main/main.c
+++ b/src/app/main/main.c
@@ -926,6 +926,11 @@ sandbox_init_filter(void)
     OPEN_DATADIR("approved-routers");
     OPEN_DATADIR_SUFFIX("my-consensus-microdesc", ".tmp");
     OPEN_DATADIR_SUFFIX("my-consensus-ns", ".tmp");
+    if (options->V3BandwidthsFile) {
+      log_notice(LD_GENERAL, "Adding V3BandwidthsFile %s to sandboxing set.",
+                 options->V3BandwidthsFile);
+      OPEN(options->V3BandwidthsFile);
+    }
   }
 
   if (options->ServerDNSResolvConfFile)
diff --git a/src/lib/fs/files.c b/src/lib/fs/files.c
index df59222913d6e9e7bbb007df21e28d479067d900..914a8b8e720c9cc70ea18f7a8ba4718efec123cb 100644 (file)
--- a/src/lib/fs/files.c
+++ b/src/lib/fs/files.c
@@ -85,7 +85,8 @@ tor_open_cloexec(const char *path, int flags, unsigned mode)
 FILE *
 tor_fopen_cloexec(const char *path, const char *mode)
 {
-  FILE *result = fopen(path, mode);
+  const char *p = sandbox_intern_string(path);
+  FILE *result = fopen(p, mode);
 #ifdef FD_CLOEXEC
   if (result != NULL) {
     if (fcntl(fileno(result), F_SETFD, FD_CLOEXEC) == -1) {
Mirror of https://git.torproject.org/tor.git