|
|
Instead of an 0777 chock-full-o-races /tmp/.esd/, use a 0755 ~/.esd/.
Also, the ~/.esd/socket of course needs only be 0644.
Two macros had to be backed up by functions which returned a static
buffer. These macros, ESD_UNIX_SOCKET_DIR and ESD_UNIX_SOCKET_NAME,
both return constant strings as the new functions esd_unix_socket_dir()
and esd_unix_socket_name(), so the static buffers are not particularly
evil.
The fix has been tested (without needing recompilation) by the most
important EsounD-related apps, esd and XMMS, and works perfectly
in both cases. It will be submitted to the EsounD maintainer to
be fixed in the source distribution ASAP.
Approved by: Security Officer Kris
Noticed by: Stan Bubrouski <satan@FASTDIAL.NET>
|
