b5f03b15f6
Instead of an 0777 chock-full-o-races /tmp/.esd/, use a 0755 ~/.esd/. Also, the ~/.esd/socket of course needs only be 0644. Two macros had to be backed up by functions which returned a static buffer. These macros, ESD_UNIX_SOCKET_DIR and ESD_UNIX_SOCKET_NAME, both return constant strings as the new functions esd_unix_socket_dir() and esd_unix_socket_name(), so the static buffers are not particularly evil. The fix has been tested (without needing recompilation) by the most important EsounD-related apps, esd and XMMS, and works perfectly in both cases. It will be submitted to the EsounD maintainer to be fixed in the source distribution ASAP. Approved by: Security Officer Kris Noticed by: Stan Bubrouski <satan@FASTDIAL.NET>
47 lines
1005 B
Plaintext
47 lines
1005 B
Plaintext
--- esdlib.c.orig Thu Jun 29 23:31:04 2000
|
|
+++ esdlib.c Thu Jun 29 23:31:21 2000
|
|
@@ -19,6 +19,8 @@
|
|
#include <arpa/inet.h>
|
|
#include <errno.h>
|
|
#include <sys/wait.h>
|
|
+#include <pwd.h>
|
|
+#include <limits.h>
|
|
|
|
#include <sys/un.h>
|
|
|
|
@@ -1421,4 +1423,34 @@
|
|
*/
|
|
|
|
return close( esd );
|
|
+}
|
|
+
|
|
+char *
|
|
+esd_unix_socket_dir(void) {
|
|
+ static char *sockdir = NULL, sockdirbuf[PATH_MAX];
|
|
+ struct passwd *pw;
|
|
+
|
|
+ if (sockdir != NULL)
|
|
+ return (sockdir);
|
|
+ pw = getpwuid(getuid());
|
|
+ if (pw == NULL || pw->pw_dir == NULL) {
|
|
+ fprintf(stderr, "esd: could not find home directory\n");
|
|
+ exit(1);
|
|
+ }
|
|
+ snprintf(sockdirbuf, sizeof(sockdirbuf), "%s/.esd", pw->pw_dir);
|
|
+ endpwent();
|
|
+ sockdir = sockdirbuf;
|
|
+ return (sockdir);
|
|
+}
|
|
+
|
|
+char *
|
|
+esd_unix_socket_name(void) {
|
|
+ static char *sockname = NULL, socknamebuf[PATH_MAX];
|
|
+
|
|
+ if (sockname != NULL)
|
|
+ return (sockname);
|
|
+ snprintf(socknamebuf, sizeof(socknamebuf), "%s/socket",
|
|
+ esd_unix_socket_dir());
|
|
+ sockname = socknamebuf;
|
|
+ return (sockname);
|
|
}
|