author | Brian Feldman <green@FreeBSD.org> | 2000-06-30 04:21:53 +0000 |
---|---|---|
committer | Brian Feldman <green@FreeBSD.org> | 2000-06-30 04:21:53 +0000 |
commit | b5f03b15f606a644eeeb1ac3fcd35fd5141ea65b (patch) | |
tree | 2c4229a138f2edb962a89d7b3cce3c8b2ab87e2f /audio/esound/files/patch-ad | |
parent | Add oo2c, an Oberon-2 compiler. (diff) |
Fix EsounD daemon and library insecurities noted on BugTraq.
Instead of an 0777 chock-full-o-races /tmp/.esd/, use a 0755 ~/.esd/.
Also, the ~/.esd/socket of course needs only be 0644.
Two macros had to be backed up by functions which returned a static
buffer. These macros, ESD_UNIX_SOCKET_DIR and ESD_UNIX_SOCKET_NAME,
both return constant strings as the new functions esd_unix_socket_dir()
and esd_unix_socket_name(), so the static buffers are not particularly
evil.
The fix has been tested (without needing recompilation) by the most
important EsounD-related apps, esd and XMMS, and works perfectly
in both cases. It will be submitted to the EsounD maintainer to
be fixed in the source distribution ASAP.
Approved by: Security Officer Kris
Noticed by: Stan Bubrouski <satan@FASTDIAL.NET>
Diffstat (limited to 'audio/esound/files/patch-ad')
-rw-r--r-- | audio/esound/files/patch-ad | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/audio/esound/files/patch-ad b/audio/esound/files/patch-ad
new file mode 100644
index 000000000000..9d85c98df16a
--- /dev/null
+++ b/audio/esound/files/patch-ad
@@ -0,0 +1,46 @@
+--- esdlib.c.orig Thu Jun 29 23:31:04 2000
++++ esdlib.c Thu Jun 29 23:31:21 2000
+@@ -19,6 +19,8 @@
+ #include <arpa/inet.h>
+ #include <errno.h>
+ #include <sys/wait.h>
++#include <pwd.h>
++#include <limits.h>
+
+ #include <sys/un.h>
+
+@@ -1421,4 +1423,34 @@
+ */
+
+ return close( esd );
++}
++
++char *
++esd_unix_socket_dir(void) {
++ static char *sockdir = NULL, sockdirbuf[PATH_MAX];
++ struct passwd *pw;
++
++ if (sockdir != NULL)
++ return (sockdir);
++ pw = getpwuid(getuid());
++ if (pw == NULL || pw->pw_dir == NULL) {
++ fprintf(stderr, "esd: could not find home directory\n");
++ exit(1);
++ }
++ snprintf(sockdirbuf, sizeof(sockdirbuf), "%s/.esd", pw->pw_dir);
++ endpwent();
++ sockdir = sockdirbuf;
++ return (sockdir);
++}
++
++char *
++esd_unix_socket_name(void) {
++ static char *sockname = NULL, socknamebuf[PATH_MAX];
++
++ if (sockname != NULL)
++ return (sockname);
++ snprintf(socknamebuf, sizeof(socknamebuf), "%s/socket",
++ esd_unix_socket_dir());
++ sockname = socknamebuf;
++ return (sockname);
+ } |
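Review bot: Both `snprintf` calls, in esd_unix_socket_dir() and esd_unix_socket_name(), ignore the return value, so an over-long `pw->pw_dir` produces a silently truncated path that no longer names the user's `~/.esd`. Capture the result and fail on `n < 0 || (size_t)n >= sizeof(sockdirbuf)` (likewise for `socknamebuf`); the name presumably ends up in a `sockaddr_un`, whose `sun_path` is far smaller than PATH_MAX, so the callers outside this hunk would also need to enforce that tighter bound. The `pw->pw_dir == NULL` test lets an empty home directory through, which yields `/.esd`; adding `|| pw->pw_dir[0] == '\0'` closes that. Separately, `exit(1)` sits in library code (esdlib.c), so a missing passwd entry terminates the host application instead of returning an error to it.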