Date: Thu, 21 May 2026 17:34:34 +0000 From: Christos Margiolis <christos@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 5f904cb1b05c - main - virtual_oss(8): Create loopback devices with GID_AUDIO Message-ID: <6a0f422a.2502c.6b5ae719@gitrepo.freebsd.org>
The branch main has been updated by christos: URL: https://cgit.FreeBSD.org/src/commit/?id=5f904cb1b05c94453727abb606d6109fe504b10b commit 5f904cb1b05c94453727abb606d6109fe504b10b Author: Christos Margiolis <christos@FreeBSD.org> AuthorDate: 2026-05-06 16:19:27 +0000 Commit: Christos Margiolis <christos@FreeBSD.org> CommitDate: 2026-05-21 17:32:43 +0000 virtual_oss(8): Create loopback devices with GID_AUDIO Make sure the user is part of the audio group to avoid unintended snooping of loopback audio by unprivileged users. While here, retire voss_dsp_perm, since we don't use the same value everywhere now. Sponsored by: The FreeBSD Foundation MFC after: 1 week Reviewed by: emaste Pull-Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/26
---
 usr.sbin/virtual_oss/virtual_oss/main.c | 27 +++++++++++++++++++++-----
 usr.sbin/virtual_oss/virtual_oss/virtual_oss.8 | 4 +++-
 2 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/usr.sbin/virtual_oss/virtual_oss/main.c b/usr.sbin/virtual_oss/virtual_oss/main.c
index 6a56adbc6075..1d24be89f3da 100644
--- a/usr.sbin/virtual_oss/virtual_oss/main.c
+++ b/usr.sbin/virtual_oss/virtual_oss/main.c
@@ -37,6 +37,7 @@
 #include <dlfcn.h>
 #include <errno.h>
+#include <grp.h>
 #include <stdio.h>
 #include <stdint.h>
 #include <stdlib.h>
@@ -1620,7 +1621,6 @@ int voss_is_recording = 1;
 int voss_has_synchronization;
 volatile sig_atomic_t voss_exit = 0;
-static int voss_dsp_perm = 0666;
 static int voss_do_background;
 static int voss_baseclone = 0;
 static const char *voss_pid_path;
@@ -1864,7 +1864,24 @@ dup_profile(vprofile_t *pvp, int *pamp, int pol, int rx_mute,
 {
 vprofile_t *ptr;
 struct cuse_dev *pdev;
- int x;
+ struct group *gr;
+ gid_t gid;
+ int x, perm;
+
+ if (!is_client) {
+ /*
+ * Loopback devices can be used only by users who part of the
+ * audio group, to avoid unintended snooping by unprivileged
+ * users.
+ */
+ if ((gr = getgrnam("audio")) == NULL)
+ return ("getgrnam() failed");
+ gid = gr->gr_gid;
+ perm = 0660;
+ } else {
+ gid = 0;
+ perm = 0666;
+ }
 rx_mute = rx_mute ? 1 : 0;
 tx_mute = tx_mute ? 1 : 0;
@@ -1918,7 +1935,7 @@ dup_profile(vprofile_t *pvp, int *pamp, int pol, int rx_mute,
 /* create DSP character device */
 pdev = cuse_dev_create(&vclient_oss_methods, ptr, NULL,
- 0, 0, voss_dsp_perm, ptr->oss_name);
+ 0, gid, perm, ptr->oss_name);
 if (pdev == NULL) {
 free(ptr);
 return ("Could not create CUSE DSP device");
@@ -1935,7 +1952,7 @@ dup_profile(vprofile_t *pvp, int *pamp, int pol, int rx_mute,
 /* create WAV device */
 if (ptr->wav_name[0] != 0) {
 pdev = cuse_dev_create(&vclient_wav_methods, ptr, NULL,
- 0, 0, voss_dsp_perm, ptr->wav_name);
+ 0, gid, perm, ptr->wav_name);
 if (pdev == NULL) {
 free(ptr);
 return ("Could not create CUSE WAV device");
@@ -2612,7 +2629,7 @@ main(int argc, char **argv)
 if (voss_ctl_device[0] != 0) {
 pdev = cuse_dev_create(&vctl_methods, NULL, NULL,
- 0, 0, voss_dsp_perm, voss_ctl_device);
+ 0, 0, 0666, voss_ctl_device);
 if (pdev == NULL)
 errx(EX_USAGE, "Could not create '/dev/%s'",
 voss_ctl_device);
diff --git a/usr.sbin/virtual_oss/virtual_oss/virtual_oss.8 b/usr.sbin/virtual_oss/virtual_oss/virtual_oss.8
index b607f45cd369..b9dc8fd86a3c 100644
--- a/usr.sbin/virtual_oss/virtual_oss/virtual_oss.8
+++ b/usr.sbin/virtual_oss/virtual_oss/virtual_oss.8
@@ -23,7 +23,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\"
-.Dd April 17, 2026
+.Dd May 7, 2026
 .Dt VIRTUAL_OSS 8
 .Os
 .Sh NAME
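Review bot: The new `getgrnam("audio")` failure path in dup_profile() returns the bare string `"getgrnam() failed"`, which names neither the group nor the cause; getgrnam() returns NULL both when the group is absent and when the lookup itself fails. Refusing to create the loopback device is the right fail-closed behaviour, but the message should tell the operator what to fix, e.g. `return ("Could not look up group 'audio'");`. The commit subject mentions GID_AUDIO while the code resolves the group by name at run time, so the owning GID depends on the host's group database; a line in the comment saying so would help. The comment's "users who part of the" should read "users who are part of the". dup_profile's body starts and ends outside this hunk.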
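Review bot: The control device in main() is still created with `0, 0, 0666, voss_ctl_device`, so it stays world-accessible while the loopback devices are now limited to the audio group. vctl_methods is not visible in this hunk; if that interface can change routing or device settings, the 0660 restriction on loopback devices may be weaker than intended, which is worth confirming before the MFC. If 0666 is deliberate, record that next to the call, e.g. `/* control device is intentionally world-accessible */`. main's body starts and ends outside the hunk.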
@@ -162,6 +162,8 @@ This option should be specified before the -d and -l options.
 Create an OSS device by given name.
 .It Fl l Ar name
 Create a loopback OSS device by given name.
+Users have to be part of the audio group to access this device.
+This is a security measure to avoid unintended snooping by unprivileged users.
 .It Fl L Ar name
 Create a loopback OSS device which acts as a master device.
 This option is used in conjunction with -f /dev/null .
home | help
