Date: Thu, 29 Jun 2000 21:21:54 -0700 (PDT)
From: Brian Feldman <green@FreeBSD.org>
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/audio/esound/patches patch-ab patch-ac patch-ad patch-ae
Message-ID: <200006300421.VAA41178@freefall.freebsd.org>

green       2000/06/29 21:21:54 PDT

  Added files:
    audio/esound/patches patch-ab patch-ac patch-ad patch-ae
  Log:
  Fix EsounD daemon and library insecurities noted on BugTraq. Instead of
  an 0777 chock-full-o-races /tmp/.esd/, use a 0755 ~/.esd/. Also, the
  ~/.esd/socket of course needs only be 0644.

  Two macros had to be backed up by functions which returned a static
  buffer. These macros, ESD_UNIX_SOCKET_DIR and ESD_UNIX_SOCKET_NAME, both
  return constant strings as the new functions esd_unix_socket_dir() and
  esd_unix_socket_name(), so the static buffers are not particularly evil.

  The fix has been tested (without needing recompilation) by the most
  important EsounD-related apps, esd and XMMS, and works perfectly in both
  cases. It will be submitted to the EsounD maintainer to be fixed in the
  source distribution ASAP.

  Approved by:	Security Officer Kris
  Noticed by:	Stan Bubrouski <satan@FASTDIAL.NET>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
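
The directory handling the log describes, as an added C example (not the port's patch and not EsounD code): a per-user `.esd` path built in a static buffer, created 0755, then checked with `lstat()` so a symlink, a foreign owner, or a group/other-writable mode is rejected. The names `example_socket_dir` and `example_prepare_dir` are hypothetical, and taking the home directory as a parameter is an assumption.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not the port's patch): build "<home>/.esd" in a
 * static buffer, in the style the log gives for esd_unix_socket_dir(). */
static const char *example_socket_dir(const char *home)
{
    static char dir[1024];
    int n;

    if (home == NULL || home[0] != '/')
        return NULL;                      /* refuse relative or missing HOME */
    n = snprintf(dir, sizeof(dir), "%s/.esd", home);
    if (n < 0 || (size_t)n >= sizeof(dir))
        return NULL;                      /* would have been truncated */
    return dir;
}

/* Create the directory 0755 if absent, then verify what is actually there:
 * a real directory (not a symlink), owned by us, not group/other writable.
 * Returns 0 if safe to use, -1 otherwise. */
static int example_prepare_dir(const char *dir)
{
    struct stat st;

    if (dir == NULL)
        return -1;
    if (mkdir(dir, 0755) != 0 && errno != EEXIST)
        return -1;
    if (lstat(dir, &st) != 0)             /* lstat: do not follow symlinks */
        return -1;
    if (!S_ISDIR(st.st_mode) || st.st_uid != geteuid())
        return -1;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return -1;                        /* a 0777 directory fails here */
    return 0;
}

int main(void)
{
    const char *dir = example_socket_dir(getenv("HOME"));
    int ok = example_prepare_dir(dir);
    printf("%s: %s\n", dir ? dir : "(no HOME)", ok == 0 ? "ok" : "unsafe");
    return ok == 0 ? 0 : 1;
}
```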