From: Brian Feldman
Date: Thu, 29 Jun 2000 21:21:54 -0700 (PDT)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/audio/esound/patches patch-ab patch-ac patch-ad patch-ae
Message-Id: <200006300421.VAA41178@freefall.freebsd.org>
X-FreeBSD-CVS-Branch: HEAD

green       2000/06/29 21:21:54 PDT

  Added files:
    audio/esound/patches patch-ab patch-ac patch-ad patch-ae
  Log:
  Fix EsounD daemon and library insecurities noted on BugTraq.  Instead of
  an 0777 chock-full-o-races /tmp/.esd/, use a 0755 ~/.esd/.  Also, the
  ~/.esd/socket of course needs only be 0644.

  Two macros had to be backed up by functions which returned a static
  buffer.  These macros, ESD_UNIX_SOCKET_DIR and ESD_UNIX_SOCKET_NAME, both
  return constant strings as the new functions esd_unix_socket_dir() and
  esd_unix_socket_name(), so the static buffers are not particularly evil.

  The fix has been tested (without needing recompilation) by the most
  important EsounD-related apps, esd and XMMS, and works perfectly in both
  cases.  It will be submitted to the EsounD maintainer to be fixed in the
  source distribution ASAP.

  Approved by: Security Officer Kris
  Noticed by: Stan Bubrouski
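
The directory handling the commit log describes (a per-user `~/.esd/` without group or other write access, with its path held in a static buffer), shown as an added sketch in C; it is not the code from patch-ab through patch-ae. The names `example_socket_dir()` and `example_prepare_socket_dir()`, the 1024-byte buffer, and the policy of refusing a directory that fails the checks are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: build "<home>/.esd" in a static buffer.
 * Returns NULL if the path does not fit; each call overwrites the buffer. */
static const char *example_socket_dir(const char *home)
{
    static char dir[1024];
    int n = snprintf(dir, sizeof dir, "%s/.esd", home);
    return (n < 0 || (size_t)n >= sizeof dir) ? NULL : dir;
}

/* Hypothetical helper: create the directory if it is missing, then verify it.
 * Returns 0 if the directory is safe to hold the socket, -1 otherwise. */
static int example_prepare_socket_dir(const char *dir)
{
    struct stat st;

    if (mkdir(dir, 0755) == -1 && errno != EEXIST)
        return -1;
    /* lstat, not stat: a symlink found at this path is not followed. */
    if (lstat(dir, &st) == -1)
        return -1;
    /* Must be a real directory owned by the user running the daemon. */
    if (!S_ISDIR(st.st_mode) || st.st_uid != geteuid())
        return -1;
    /* A pre-existing directory writable by group or other is refused. */
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return -1;
    return 0;
}

int main(void)
{
    const char *home = getenv("HOME");
    const char *dir = home ? example_socket_dir(home) : NULL;

    if (dir == NULL || example_prepare_socket_dir(dir) == -1) {
        fprintf(stderr, "refusing to use socket directory\n");
        return 1;
    }
    printf("socket directory ready: %s\n", dir);
    return 0;
}
```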