Fix EsounD daemon and library insecurities noted on BugTraq.
Instead of an 0777 chock-full-o-races /tmp/.esd/, use a 0755 ~/.esd/. Also, the ~/.esd/socket of course needs only be 0644. Two macros had to be backed up by functions which returned a static buffer. These macros, ESD_UNIX_SOCKET_DIR and ESD_UNIX_SOCKET_NAME, both return constant strings as the new functions esd_unix_socket_dir() and esd_unix_socket_name(), so the static buffers are not particularly evil. The fix has been tested (without needing recompilation) by the most important EsounD-related apps, esd and XMMS, and works perfectly in both cases. It will be submitted to the EsounD maintainer to be fixed in the source distribution ASAP. Approved by: Security Officer Kris Noticed by: Stan Bubrouski <satan@FASTDIAL.NET>
This commit is contained in:
parent
42563e8477
commit
b5f03b15f6
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=30007
18
audio/esound/files/patch-ab
Normal file
18
audio/esound/files/patch-ab
Normal file
@ -0,0 +1,18 @@
|
||||
--- esd.h.orig Thu Jun 29 23:12:53 2000
|
||||
+++ esd.h Thu Jun 29 23:12:41 2000
|
||||
@@ -7,8 +7,15 @@
|
||||
#endif
|
||||
|
||||
/* path and name of the default EsounD domain socket */
|
||||
+#if 0
|
||||
#define ESD_UNIX_SOCKET_DIR "/tmp/.esd"
|
||||
#define ESD_UNIX_SOCKET_NAME ESD_UNIX_SOCKET_DIR ## "/" ## "socket"
|
||||
+#else
|
||||
+char *esd_unix_socket_dir(void);
|
||||
+char *esd_unix_socket_name(void);
|
||||
+#define ESD_UNIX_SOCKET_DIR esd_unix_socket_dir()
|
||||
+#define ESD_UNIX_SOCKET_NAME esd_unix_socket_name()
|
||||
+#endif
|
||||
|
||||
/* length of the audio buffer size */
|
||||
#define ESD_BUF_SIZE (4 * 1024)
|
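Review bot: The new prototypes `char *esd_unix_socket_dir(void);` and `char *esd_unix_socket_name(void);` hand every caller a writable pointer into the library's static path buffers, so a client that writes through the returned string changes the socket path for every later call in that process, including esd's own mkdir/chmod/bind of it; declaring them `const char *esd_unix_socket_dir(void);` and `const char *esd_unix_socket_name(void);` (with the matching definitions in esdlib.c) leaves read-only callers unaffected. Because `ESD_UNIX_SOCKET_DIR` and `ESD_UNIX_SOCKET_NAME` now expand to function calls rather than string literals, client code that used them in a static initializer or in string-literal concatenation will stop compiling, which deserves a comment above the macros such as `/* no longer constant expressions: these call into libesd at run time */`. The `#if 0` block retaining the old `/tmp/.esd` definitions is dead code and could be dropped rather than carried into the upstream submission.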
32
audio/esound/files/patch-ac
Normal file
32
audio/esound/files/patch-ac
Normal file
@ -0,0 +1,32 @@
|
||||
--- esd.c.orig Tue Apr 4 11:20:08 2000
|
||||
+++ esd.c Thu Jun 29 23:34:18 2000
|
||||
@@ -219,12 +219,12 @@
|
||||
{
|
||||
mkdir(ESD_UNIX_SOCKET_DIR,
|
||||
S_IRUSR|S_IWUSR|S_IXUSR|
|
||||
- S_IRGRP|S_IWGRP|S_IXGRP|
|
||||
- S_IROTH|S_IWOTH|S_IXOTH);
|
||||
+ S_IRGRP|S_IXGRP|
|
||||
+ S_IROTH|S_IXOTH);
|
||||
chmod(ESD_UNIX_SOCKET_DIR,
|
||||
S_IRUSR|S_IWUSR|S_IXUSR|
|
||||
- S_IRGRP|S_IWGRP|S_IXGRP|
|
||||
- S_IROTH|S_IWOTH|S_IXOTH);
|
||||
+ S_IRGRP|S_IXGRP|
|
||||
+ S_IROTH|S_IXOTH);
|
||||
}
|
||||
if (access(ESD_UNIX_SOCKET_NAME, R_OK | W_OK) == -1)
|
||||
{
|
||||
@@ -317,9 +317,9 @@
|
||||
/* let anyone access esd's socket - but we have authentication so they */
|
||||
/* wont get far if they dont have the auth key */
|
||||
chmod(ESD_UNIX_SOCKET_NAME,
|
||||
- S_IRUSR|S_IWUSR|S_IXUSR|
|
||||
- S_IRGRP|S_IWGRP|S_IXGRP|
|
||||
- S_IROTH|S_IWOTH|S_IXOTH);
|
||||
+ S_IRUSR|S_IWUSR|
|
||||
+ S_IRGRP|
|
||||
+ S_IROTH);
|
||||
}
|
||||
if (listen(socket_listen,16)<0)
|
||||
{
|
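Review bot: The comment kept above the socket `chmod` (`/* let anyone access esd's socket - but we have authentication ... */`) no longer describes the new mode: connect(2) on a unix-domain socket requires write permission on the socket file, and `S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH` (0644) grants write only to the owner, so other users can no longer connect at all, auth key or not. If owner-only is the intent (consistent with moving the socket under `~/.esd/`), say so and make the bits match, e.g. `/* only the owner can connect: connect(2) needs write access to the socket file */` above `chmod(ESD_UNIX_SOCKET_NAME, S_IRUSR|S_IWUSR);`; if other users holding the cookie are still meant to connect, the group/other write bits are required. In the first hunk the `mkdir` and `chmod` of `ESD_UNIX_SOCKET_DIR` still ignore their return values, so a pre-existing `~/.esd` that is a symlink, a regular file or owned by another user (possible on shared or group-writable home directories) is silently accepted; an `lstat` confirming a directory owned by `getuid()` before continuing would close that. The `if` enclosing the `mkdir` and the function around both hunks begin outside the hunk.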
46
audio/esound/files/patch-ad
Normal file
46
audio/esound/files/patch-ad
Normal file
@ -0,0 +1,46 @@
|
||||
--- esdlib.c.orig Thu Jun 29 23:31:04 2000
|
||||
+++ esdlib.c Thu Jun 29 23:31:21 2000
|
||||
@@ -19,6 +19,8 @@
|
||||
#include <arpa/inet.h>
|
||||
#include <errno.h>
|
||||
#include <sys/wait.h>
|
||||
+#include <pwd.h>
|
||||
+#include <limits.h>
|
||||
|
||||
#include <sys/un.h>
|
||||
|
||||
@@ -1421,4 +1423,34 @@
|
||||
*/
|
||||
|
||||
return close( esd );
|
||||
+}
|
||||
+
|
||||
+char *
|
||||
+esd_unix_socket_dir(void) {
|
||||
+ static char *sockdir = NULL, sockdirbuf[PATH_MAX];
|
||||
+ struct passwd *pw;
|
||||
+
|
||||
+ if (sockdir != NULL)
|
||||
+ return (sockdir);
|
||||
+ pw = getpwuid(getuid());
|
||||
+ if (pw == NULL || pw->pw_dir == NULL) {
|
||||
+ fprintf(stderr, "esd: could not find home directory\n");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ snprintf(sockdirbuf, sizeof(sockdirbuf), "%s/.esd", pw->pw_dir);
|
||||
+ endpwent();
|
||||
+ sockdir = sockdirbuf;
|
||||
+ return (sockdir);
|
||||
+}
|
||||
+
|
||||
+char *
|
||||
+esd_unix_socket_name(void) {
|
||||
+ static char *sockname = NULL, socknamebuf[PATH_MAX];
|
||||
+
|
||||
+ if (sockname != NULL)
|
||||
+ return (sockname);
|
||||
+ snprintf(socknamebuf, sizeof(socknamebuf), "%s/socket",
|
||||
+ esd_unix_socket_dir());
|
||||
+ sockname = socknamebuf;
|
||||
+ return (sockname);
|
||||
}
|
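Review bot: Both new functions discard the `snprintf` result, so a home directory whose path approaches `PATH_MAX` is silently truncated — `esd_unix_socket_dir()` then returns something that is not `~/.esd` at all, and `esd_unix_socket_name()` can lose the trailing `/socket` — and the length should be checked and treated like the lookup failure. `exit(1)` plus an `fprintf` to stderr inside libesd also terminates whatever application linked the library (XMMS, per the commit message) when `getpwuid` fails, e.g. under a chroot or for a uid without a passwd entry; since callers use the result unconditionally there is no clean in-band error here, but that trade-off should be stated with a comment such as `/* fatal: callers assume a valid path and there is no safe fallback */`. An empty `pw_dir` is currently accepted and yields `/.esd`, so `pw->pw_dir[0] == '\0'` belongs in the same check. Note also that `sun_path` in `struct sockaddr_un` is 104 bytes on FreeBSD, far shorter than `PATH_MAX`; the bind/connect code that copies this path into it is outside this hunk and needs its own length check for long home directories.

```c
char *
esd_unix_socket_dir(void) {
	static char *sockdir = NULL, sockdirbuf[PATH_MAX];
	struct passwd *pw;
	int n;

	/* … unchanged: return cached sockdir if already set … */
	pw = getpwuid(getuid());
	if (pw == NULL || pw->pw_dir == NULL || pw->pw_dir[0] == '\0') {
		fprintf(stderr, "esd: could not find home directory\n");
		exit(1);
	}
	/* reject truncation: a cut-off path would silently point somewhere else */
	n = snprintf(sockdirbuf, sizeof(sockdirbuf), "%s/.esd", pw->pw_dir);
	endpwent();
	if (n < 0 || (size_t)n >= sizeof(sockdirbuf)) {
		fprintf(stderr, "esd: home directory path too long\n");
		exit(1);
	}
	/* … unchanged: cache and return sockdir … */
}

char *
esd_unix_socket_name(void) {
	static char *sockname = NULL, socknamebuf[PATH_MAX];
	int n;

	/* … unchanged: return cached sockname if already set … */
	n = snprintf(socknamebuf, sizeof(socknamebuf), "%s/socket",
	    esd_unix_socket_dir());
	if (n < 0 || (size_t)n >= sizeof(socknamebuf)) {
		fprintf(stderr, "esd: socket path too long\n");
		exit(1);
	}
	/* … unchanged: cache and return sockname … */
}
```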
11
audio/esound/files/patch-ae
Normal file
11
audio/esound/files/patch-ae
Normal file
@ -0,0 +1,11 @@
|
||||
--- ltmain.sh.orig Thu Jun 29 23:41:49 2000
|
||||
+++ ltmain.sh Thu Jun 29 23:45:36 2000
|
||||
@@ -3227,7 +3227,7 @@
|
||||
outputname=
|
||||
if test "$fast_install" = no && test -n "$relink_command"; then
|
||||
if test "$finalize" = yes; then
|
||||
- outputname="/tmp/$$-$file"
|
||||
+ outputname=$(mktemp "${TMPDIR:-/tmp}/$file.XXXXXX") || exit $?
|
||||
# Replace the output file specification.
|
||||
relink_command=`$echo "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'`
|
||||
|
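Review bot: The replacement line uses `$(...)` while the surrounding ltmain.sh uses backticks (see the `relink_command=`$echo ...`` line two lines below), and libtool's script is meant to run under legacy Bourne shells that do not parse `$(...)`; writing it as `outputname=`mktemp "${TMPDIR:-/tmp}/$file.XXXXXX"` || exit $?` keeps the fix and the file's portability. The template also embeds `$file` verbatim, so if `file` still carries directory components at this point mktemp will fail on a non-existent subdirectory of `$TMPDIR`; whether it has already been reduced to a basename is not visible in this hunk, so that is worth confirming or wrapping in `basename`. The enclosing `if` blocks begin and end outside the hunk.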