From owner-freebsd-bugs  Mon May 15 12:20:02 1995
Return-Path: bugs-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id MAA12270
          for bugs-outgoing; Mon, 15 May 1995 12:20:02 -0700
Received: (from gnats@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id MAA12263
          ; Mon, 15 May 1995 12:20:01 -0700
Date: Mon, 15 May 1995 12:20:01 -0700
Message-Id: <199505151920.MAA12263@freefall.cdrom.com>
From: Paul Traina <pst@Shockwave.COM>
Reply-To: Paul Traina <pst@Shockwave.COM>
To: freebsd-bugs
Subject: misc/423: security of sound devices
In-Reply-To: Your message of Mon, 15 May 1995 12:17:17 -0700
	<199505151917.MAA20608@precipice.shockwave.com>
Sender: bugs-owner@FreeBSD.org
Precedence: bulk


>Number:         423
>Category:       misc
>Synopsis:       Sound devices are too insecure
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs (FreeBSD bugs mailing list)
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon May 15 12:20:00 1995
>Originator:     Paul Traina
>Organization:
Shockwave Engineering
>Release:        FreeBSD BUILT-19950426 i386
>Environment:

FreeBSD *.* with sound driver support added.

>Description:

We currently set the permissions on these devices wide open,  as it's
easy to get unprivileged programs to work with them.

Unfortunately, it also means I can bug your room if I can rsh to your
machine,  or better yet, make farting noises on your speakers.


>How-To-Repeat:

cat farting-noise.au | rsh time.cdrom.com "cat >/dev/audio"

rsh time.cdrom.com "cat </dev/audio" | cat >/dev/audio

>Fix:

I thought about creating a new group to own the devices,  following the
dialer convention for modem devices,  but then everything would have to be
setgid,  and in point of fact, this is the wrong model.

The right model is to do the same thing that we do with /dev/console.  If
you're logged in at the console (or local X server), you own the sound devices.
When you logout, they should go back to root.sound ownership, with no world
access.

Whomever owns the console should also own the sound devices.  I think this
should be implemented by changing the protections of the sound devices at
the same time the console and tty devices are changed.  I don't think this
should be done as a kernel hack,  and I think there should be a trivial
way to disable this default behavior.
>Audit-Trail:
>Unformatted: