Add UnixSocketsGroupWritable config flag

When running a system-wide instance of Tor on Unix-like systems, having
a ControlSocket is a quite handy mechanism to access Tor control
channel.  But it would be easier if access to the Unix domain socket can
be granted by making control users members of the group running the Tor
process.

This change introduces a UnixSocketsGroupWritable option, which will
create Unix domain sockets (and thus ControlSocket) 'g+rw'. This allows
ControlSocket to offer same access control measures than
ControlPort+CookieAuthFileGroupReadable.

See <http://bugs.debian.org/552556> for more details.

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index d95d764c670fcf21fa050e0f120a63874ff9dc96..d0d0c2f7cb8bbafe8a7b5bc7576fcb2890bbcbf0 100644 (file)
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -167,6 +167,11 @@ Other options can be specified either on the command-line (--option
     Like ControlPort, but listens on a Unix domain socket, rather than a TCP
     socket. (Unix and Unix-like systems only.)
 
+**UnixSocketsGroupWritable** **0**|**1**::
+    If this option is set to 0, don't allow the filesystem group to read and
+    write unix sockets (e.g. ControlSocket). If the option is set to 1, make
+    the control socket readable and writable by the default GID. (Default: 0)
+
 **HashedControlPassword** __hashed_password__::
     Don't allow any connections on the control port except when the other
     process knows the password whose one-way hash is __hashed_password__. You

diff --git a/src/or/config.c b/src/or/config.c
index 6a2742d9542fbf22a7434888765eb1b5b03438cc..c81fc9c5944bc1f34440482469666859646c80f7 100644 (file)
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -209,6 +209,7 @@ static config_var_t _option_vars[] = {
   V(ControlPortFileGroupReadable,BOOL,     "0"),
   V(ControlPortWriteToFile,      FILENAME, NULL),
   V(ControlSocket,               LINELIST, NULL),
+  V(UnixSocketsGroupWritable,    BOOL,     "0"),
   V(CookieAuthentication,        BOOL,     "0"),
   V(CookieAuthFileGroupReadable, BOOL,     "0"),
   V(CookieAuthFile,              STRING,   NULL),
@@ -952,7 +953,7 @@ options_act_reversible(or_options_t *old_options, char **msg)
   }
 
 #ifndef HAVE_SYS_UN_H
-  if (options->ControlSocket) {
+  if (options->ControlSocket || options->UnixSocketsGroupWritable) {
     *msg = tor_strdup("Unix domain sockets (ControlSocket) not supported"
                       " on this OS/with this build.");
     goto rollback;

diff --git a/src/or/connection.c b/src/or/connection.c
index 01b533d9b5fd295ff5765404964241a5624a69e5..d0898c5e5c59ba49ddb7d817cfe7137cd55c1c63 100644 (file)
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -966,6 +966,13 @@ connection_create_listener(const struct sockaddr *listensockaddr,
                tor_socket_strerror(tor_socket_errno(s)));
       goto err;
     }
+    if (get_options()->UnixSocketsGroupWritable) {
+      if (chmod(address, 0660) < 0) {
+        log_warn(LD_FS,"Unable to make %s group-readable.", address);
+        tor_close_socket(s);
+        goto err;
+      }
+    }
 
     if (listen(s,SOMAXCONN) < 0) {
       log_warn(LD_NET, "Could not listen on %s: %s", address,

diff --git a/src/or/or.h b/src/or/or.h
index 5647691550b7d51b795e1aa3e22619f578ac53fb..b72693f02952a5f03315303f10412c16853fb10a 100644 (file)
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2445,6 +2445,7 @@ typedef struct {
   int ControlPort; /**< Port to listen on for control connections. */
   config_line_t *ControlSocket; /**< List of Unix Domain Sockets to listen on
                                  * for control connections. */
+  int UnixSocketsGroupWritable; /**< Boolean: Are unix sockets g+rw? */
   int DirPort; /**< Port to listen on for directory connections. */
   int DNSPort; /**< Port to listen on for DNS requests. */
   int AssumeReachable; /**< Whether to publish our descriptor regardless. */