From: David Stainton <dstainton415@gmail.com>
Date: Thu, 4 Sep 2014 22:21:30 +0000 (+0000)
Subject: Fix permissions logic
X-Git-Tag: tor-0.2.6.2-alpha~108^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b59fd2efb61e0b6def3fdbf4b8e359acc852776c;p=thirdparty%2Ftor.git

Fix permissions logic
---

diff --git a/src/common/util.c b/src/common/util.c
index 3f04932112..bf00270df3 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1988,23 +1988,25 @@ check_private_dir(const char *dirname, cpd_check_t check,
     tor_free(process_groupname);
     return -1;
   }
-  if (check & CPD_CHECK_MODE_ONLY) {
-    if (check & CPD_GROUP_OK || check & CPD_GROUP_READ) {
-      if (!st.st_mode & 0027) {
-        log_warn(LD_FS, "Incorrect permissions on directory %s a.", dirname);
-        return -1;
-      }
-    }
+  if (check & (CPD_GROUP_OK|CPD_GROUP_READ)) {
+    mask = 0027;
   } else {
-    log_warn(LD_FS, "Fixing permissions on directory %s", dirname);
+    mask = 0077;
+  }
+  if (st.st_mode & mask) {
     unsigned new_mode;
-    new_mode = 0700;
-    if (check & CPD_GROUP_OK) {
-      new_mode = 0700;
+    if (check & CPD_CHECK_MODE_ONLY) {
+      log_warn(LD_FS, "Permissions on directory %s are too permissive.",
+               dirname);
+      return -1;
     }
+    log_warn(LD_FS, "Fixing permissions on directory %s", dirname);
+    new_mode = st.st_mode;
+    new_mode |= 0700; /* Owner should have rwx */
     if (check & CPD_GROUP_READ) {
-      new_mode = 0750;
+      new_mode |= 0050; /* Group should have rx */
     }
+    new_mode &= ~mask; /* Clear the other bits that we didn't want set...*/
     if (chmod(dirname, new_mode)) {
       log_warn(LD_FS, "Could not chmod directory %s: %s", dirname,
                strerror(errno));