freebsd-ports/audio/esound/files/patch-ae
Brian Feldman b5f03b15f6 Fix EsounD daemon and library insecurities noted on BugTraq.
Instead of an 0777 chock-full-o-races /tmp/.esd/, use a 0755 ~/.esd/.
Also, the ~/.esd/socket of course needs only be 0644.

Two macros had to be backed up by functions which returned a static
buffer.  These macros, ESD_UNIX_SOCKET_DIR and ESD_UNIX_SOCKET_NAME,
both return constant strings as the new functions esd_unix_socket_dir()
and esd_unix_socket_name(), so the static buffers are not particularly
evil.

The fix has been tested (without needing recompilation) by the most
important EsounD-related apps, esd and XMMS, and works perfectly
in both cases.  It will be submitted to the EsounD maintainer to
be fixed in the source distribution ASAP.

Approved by:    Security Officer Kris
Noticed by:     Stan Bubrouski <satan@FASTDIAL.NET>
2000-06-30 04:21:53 +00:00

--- ltmain.sh.orig Thu Jun 29 23:41:49 2000
+++ ltmain.sh Thu Jun 29 23:45:36 2000
@@ -3227,7 +3227,7 @@
outputname=
if test "$fast_install" = no && test -n "$relink_command"; then
if test "$finalize" = yes; then
- outputname="/tmp/$$-$file"
+ outputname=$(mktemp "${TMPDIR:-/tmp}/$file.XXXXXX") || exit $?
# Replace the output file specification.
relink_command=`$echo "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'`
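Review bot: The added `outputname=$(mktemp "${TMPDIR:-/tmp}/$file.XXXXXX") || exit $?` line uses `$(...)` command substitution, while the context line right after it builds relink_command with backticks. Using backticks here would match the rest of the script and keep it working under shells that lack `$(...)`. Two further points on the same line: mktemp creates the file before the relink runs, so the command that receives @OUTPUT@ must be able to overwrite an existing file, and nothing visible in this hunk removes the temporary file if the relink fails, so a cleanup step (or a trap) on the error path is worth adding. Replacing the predictable `/tmp/$$-$file` name and aborting when mktemp fails are both right. A short comment above the line saying why mktemp is used would help whoever next merges an upstream ltmain.sh.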