1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-28 01:06:17 +00:00
freebsd-ports/audio/esound
Brian Feldman b5f03b15f6 Fix EsounD daemon and library insecurities noted on BugTraq.
Instead of an 0777 chock-full-o-races /tmp/.esd/, use a 0755 ~/.esd/.
Also, the ~/.esd/socket of course needs only be 0644.

Two macros had to be backed up by functions which returned a static
buffer.  These macros, ESD_UNIX_SOCKET_DIR and ESD_UNIX_SOCKET_NAME,
both return constant strings as the new functions esd_unix_socket_dir()
and esd_unix_socket_name(), so the static buffers are not particularly
evil.

The fix has been tested (without needing recompilation) by the most
important EsounD-related apps, esd and XMMS, and works perfectly
in both cases.  It will be submitted to the EsounD maintainer to
be fixed in the source distribution ASAP.

Approved by:    Security Officer Kris
Noticed by:     Stan Bubrouski <satan@FASTDIAL.NET>
2000-06-30 04:21:53 +00:00
..
files Fix EsounD daemon and library insecurities noted on BugTraq. 2000-06-30 04:21:53 +00:00
distinfo Update to 0.2.18 2000-04-06 15:30:28 +00:00
Makefile Rename INSTALLS_SHLIBS to INSTALLS_SHLIB. (There was a typo in the 2000-06-16 21:52:40 +00:00
pkg-comment As threatened, enforce the "Capital, no period" rule. Ellipses are 1999-06-26 17:19:19 +00:00
pkg-descr Adding missing WWW Site references ... 1999-06-05 05:36:46 +00:00
pkg-plist Final round of the INSTALLS_SHLIBS=yes conversion. Few remaining ports with 2000-06-16 10:38:50 +00:00