authorgreen <green@FreeBSD.org>2000-06-30 12:21:53 +0800
committergreen <green@FreeBSD.org>2000-06-30 12:21:53 +0800
commit2afdb8123e2f2adba06081cad035880ae961874e (patch)
treed5382aeeba28b1d98ea0ade38ad131b2ecce6d6c /audio
parent6d49f05ed508b3e892f02311e1bd89ca79882783 (diff)
Fix EsounD daemon and library insecurities noted on BugTraq.
Instead of an 0777 chock-full-o-races /tmp/.esd/, use a 0755 ~/.esd/. Also, the ~/.esd/socket of course needs only be 0644. Two macros had to be backed up by functions which returned a static buffer. These macros, ESD_UNIX_SOCKET_DIR and ESD_UNIX_SOCKET_NAME, both return constant strings as the new functions esd_unix_socket_dir() and esd_unix_socket_name(), so the static buffers are not particularly evil. The fix has been tested (without needing recompilation) by the most important EsounD-related apps, esd and XMMS, and works perfectly in both cases. It will be submitted to the EsounD maintainer to be fixed in the source distribution ASAP. Approved by: Security Officer Kris Noticed by: Stan Bubrouski <satan@FASTDIAL.NET>
Diffstat (limited to 'audio')
-rw-r--r--audio/esound/files/patch-ab18
-rw-r--r--audio/esound/files/patch-ac32
-rw-r--r--audio/esound/files/patch-ad46
-rw-r--r--audio/esound/files/patch-ae11
4 files changed, 107 insertions, 0 deletions
diff --git a/audio/esound/files/patch-ab b/audio/esound/files/patch-ab
new file mode 100644
index 000000000000..e9adf4705bbf
--- /dev/null
+++ b/audio/esound/files/patch-ab
@@ -0,0 +1,18 @@
+--- esd.h.orig Thu Jun 29 23:12:53 2000
++++ esd.h Thu Jun 29 23:12:41 2000
+@@ -7,8 +7,15 @@
+ #endif
+
+ /* path and name of the default EsounD domain socket */
++#if 0
+ #define ESD_UNIX_SOCKET_DIR "/tmp/.esd"
+ #define ESD_UNIX_SOCKET_NAME ESD_UNIX_SOCKET_DIR ## "/" ## "socket"
++#else
++char *esd_unix_socket_dir(void);
++char *esd_unix_socket_name(void);
++#define ESD_UNIX_SOCKET_DIR esd_unix_socket_dir()
++#define ESD_UNIX_SOCKET_NAME esd_unix_socket_name()
++#endif
+
+ /* length of the audio buffer size */
+ #define ESD_BUF_SIZE (4 * 1024)
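Review bot: The two prototypes added in the `#else` branch return a writable `char *` into static storage, so any caller can modify the cached socket path; `const char *esd_unix_socket_dir(void);` and `const char *esd_unix_socket_name(void);` (with the matching definitions in esdlib.c) would let the compiler reject that. `ESD_UNIX_SOCKET_DIR` and `ESD_UNIX_SOCKET_NAME` also stop being string literals, so any use outside this hunk that relies on literal concatenation or `sizeof` needs checking. The existing comment is now stale; I would replace it with `/* per-user EsounD socket directory and path, resolved at run time from the caller's home directory */`, which also makes it visible that client and daemon must resolve the same home directory to find each other.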
diff --git a/audio/esound/files/patch-ac b/audio/esound/files/patch-ac
new file mode 100644
index 000000000000..f493138a02a1
--- /dev/null
+++ b/audio/esound/files/patch-ac
@@ -0,0 +1,32 @@
+--- esd.c.orig Tue Apr 4 11:20:08 2000
++++ esd.c Thu Jun 29 23:34:18 2000
+@@ -219,12 +219,12 @@
+ {
+ mkdir(ESD_UNIX_SOCKET_DIR,
+ S_IRUSR|S_IWUSR|S_IXUSR|
+- S_IRGRP|S_IWGRP|S_IXGRP|
+- S_IROTH|S_IWOTH|S_IXOTH);
++ S_IRGRP|S_IXGRP|
++ S_IROTH|S_IXOTH);
+ chmod(ESD_UNIX_SOCKET_DIR,
+ S_IRUSR|S_IWUSR|S_IXUSR|
+- S_IRGRP|S_IWGRP|S_IXGRP|
+- S_IROTH|S_IWOTH|S_IXOTH);
++ S_IRGRP|S_IXGRP|
++ S_IROTH|S_IXOTH);
+ }
+ if (access(ESD_UNIX_SOCKET_NAME, R_OK | W_OK) == -1)
+ {
+@@ -317,9 +317,9 @@
+ /* let anyone access esd's socket - but we have authentication so they */
+ /* wont get far if they dont have the auth key */
+ chmod(ESD_UNIX_SOCKET_NAME,
+- S_IRUSR|S_IWUSR|S_IXUSR|
+- S_IRGRP|S_IWGRP|S_IXGRP|
+- S_IROTH|S_IWOTH|S_IXOTH);
++ S_IRUSR|S_IWUSR|
++ S_IRGRP|
++ S_IROTH);
+ }
+ if (listen(socket_listen,16)<0)
+ {
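Review bot: The `mkdir()` and `chmod()` calls on `ESD_UNIX_SOCKET_DIR` still discard their return values, so if `~/.esd` already exists as something other than a directory owned by the user (a symlink, for instance) `chmod()` follows it and the daemon carries on as if setup succeeded. I would check both results and confirm the path with `lstat()` (`S_ISDIR(st.st_mode)` and `st.st_uid == getuid()`) before the socket is bound. The retained comment `let anyone access esd's socket` in the second inner hunk no longer matches the 0644 mode set beneath it; where the OS enforces socket modes on connect this presumably restricts clients to the owner, so something like `/* socket is 0644: only the owning user may connect; the auth key is still required */` would be accurate. Both enclosing functions start and end outside the hunk.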
diff --git a/audio/esound/files/patch-ad b/audio/esound/files/patch-ad
new file mode 100644
index 000000000000..9d85c98df16a
--- /dev/null
+++ b/audio/esound/files/patch-ad
@@ -0,0 +1,46 @@
+--- esdlib.c.orig Thu Jun 29 23:31:04 2000
++++ esdlib.c Thu Jun 29 23:31:21 2000
+@@ -19,6 +19,8 @@
+ #include <arpa/inet.h>
+ #include <errno.h>
+ #include <sys/wait.h>
++#include <pwd.h>
++#include <limits.h>
+
+ #include <sys/un.h>
+
+@@ -1421,4 +1423,34 @@
+ */
+
+ return close( esd );
++}
++
++char *
++esd_unix_socket_dir(void) {
++ static char *sockdir = NULL, sockdirbuf[PATH_MAX];
++ struct passwd *pw;
++
++ if (sockdir != NULL)
++ return (sockdir);
++ pw = getpwuid(getuid());
++ if (pw == NULL || pw->pw_dir == NULL) {
++ fprintf(stderr, "esd: could not find home directory\n");
++ exit(1);
++ }
++ snprintf(sockdirbuf, sizeof(sockdirbuf), "%s/.esd", pw->pw_dir);
++ endpwent();
++ sockdir = sockdirbuf;
++ return (sockdir);
++}
++
++char *
++esd_unix_socket_name(void) {
++ static char *sockname = NULL, socknamebuf[PATH_MAX];
++
++ if (sockname != NULL)
++ return (sockname);
++ snprintf(socknamebuf, sizeof(socknamebuf), "%s/socket",
++ esd_unix_socket_dir());
++ sockname = socknamebuf;
++ return (sockname);
+ }
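Review bot: In `esd_unix_socket_dir()` the `snprintf()` result is never compared with `sizeof(sockdirbuf)`, and `pw->pw_dir` is accepted when it is empty or relative, so a long or odd home directory yields a truncated or unintended socket path with no error. The path is presumably copied into `sockaddr_un.sun_path` later, which is far shorter than `PATH_MAX`, so a second silent truncation is possible at bind/connect time outside this hunk. `esd_unix_socket_name()` has the same unchecked `snprintf()`. Separately, `exit(1)` inside a library routine terminates whatever application linked libesd, and the lazy static initialisation is not thread-safe; both deserve a comment on the functions even if the behaviour stays.

```c
char *
esd_unix_socket_dir(void) {
	/* … unchanged: static buffer, cached-result return … */
	int len;

	pw = getpwuid(getuid());
	if (pw == NULL || pw->pw_dir == NULL || pw->pw_dir[0] != '/') {
		fprintf(stderr, "esd: could not find home directory\n");
		exit(1);
	}
	len = snprintf(sockdirbuf, sizeof(sockdirbuf), "%s/.esd", pw->pw_dir);
	if (len < 0 || (size_t)len >= sizeof(sockdirbuf)) {
		fprintf(stderr, "esd: home directory path too long\n");
		exit(1);
	}
	/* … unchanged: endpwent(), cache pointer, return … */
```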
diff --git a/audio/esound/files/patch-ae b/audio/esound/files/patch-ae
new file mode 100644
index 000000000000..891f45cad290
--- /dev/null
+++ b/audio/esound/files/patch-ae
@@ -0,0 +1,11 @@
+--- ltmain.sh.orig Thu Jun 29 23:41:49 2000
++++ ltmain.sh Thu Jun 29 23:45:36 2000
+@@ -3227,7 +3227,7 @@
+ outputname=
+ if test "$fast_install" = no && test -n "$relink_command"; then
+ if test "$finalize" = yes; then
+- outputname="/tmp/$$-$file"
++ outputname=$(mktemp "${TMPDIR:-/tmp}/$file.XXXXXX") || exit $?
+ # Replace the output file specification.
+ relink_command=`$echo "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'`
+
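Review bot: The new `outputname=` line uses `$( … )` command substitution, while the `relink_command=` line just below it and (as far as visible) the rest of ltmain.sh use backticks for portability to older Bourne shells. For consistency I would write it as ``outputname=`mktemp "${TMPDIR:-/tmp}/$file.XXXXXX"` || exit $?``. mktemp creates the file itself, so it is worth confirming in the code after this hunk that the temporary is removed on the failure paths and that `$file` cannot contain a `/` at this point. The enclosing `if` block continues outside the hunk.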