[pulseaudio-commits] src/pulsecore

David Henningsson diwic at kemper.freedesktop.org
Mon Sep 8 04:51:20 PDT 2014


 src/pulsecore/core-util.c |    8 ++++++++
 1 file changed, 8 insertions(+)

New commits:
commit 076601ee28a442868ba4ab92a6f379190f6fa0ab
Author: David Henningsson <david.henningsson at canonical.com>
Date:   Tue Nov 12 07:52:48 2013 +0100

    core-util: Fail if XDG_RUNTIME_DIR belongs to someone else
    
    Usually, PA will use the PULSE_SERVER X11 property instead of using XDG_RUNTIME_DIR,
    so this environment variable does not matter.
    
    If this property is not available, or if one is using the pacmd cli protocol,
    the client will go ahead and call pa_make_secure_dir on XDG_RUNTIME_DIR/pulse.
    This will either fail (if you're another regular user), or succeed (if you're root).
    Both scenarios are bad - failing will cause the connection to fail, and succeeding
    is even worse, as it can cause *other* connections to fail (as the directory
    ownership has changed).
    
    Instead fail and complain loudly.
    
    BugLink: https://bugs.freedesktop.org/show_bug.cgi?id=83007
    Signed-off-by: David Henningsson <david.henningsson at canonical.com>

diff --git a/src/pulsecore/core-util.c b/src/pulsecore/core-util.c
index d7a95d6..6b7cd35 100644
--- a/src/pulsecore/core-util.c
+++ b/src/pulsecore/core-util.c
@@ -1816,6 +1816,14 @@ char *pa_get_runtime_dir(void) {
     /* Use the XDG standard for the runtime directory. */
     d = getenv("XDG_RUNTIME_DIR");
     if (d) {
+        struct stat st;
+        if (stat(d, &st) == 0 && st.st_uid != getuid()) {
+            pa_log(_("XDG_RUNTIME_DIR (%s) is not owned by us (uid %d), but by uid %d! "
+                   "(This could e g happen if you try to connect to a non-root PulseAudio as a root user, over the native protocol. Don't do that.)"),
+                   d, getuid(), st.st_uid);
+            goto fail;
+        }
+
         k = pa_sprintf_malloc("%s" PA_PATH_SEP "pulse", d);
 
         if (pa_make_secure_dir(k, m, (uid_t) -1, (gid_t) -1, true) < 0) {
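Review bot: In the added `if`, a failing `stat(d, &st)` is treated the same as a matching owner. When XDG_RUNTIME_DIR cannot be stat'ed, the code falls through to `pa_make_secure_dir()` with no ownership check and nothing logged. Consider handling the `stat() != 0` case explicitly: log the errno and decide whether that path should also `goto fail`. In the `pa_log` call, `getuid()` and `st.st_uid` are `uid_t` but are formatted with `%d`; casting both to `unsigned long` and using `%lu` keeps the message correct where `uid_t` is not an `int`. Note also that the `stat()` here and the later `pa_make_secure_dir()` resolve the path separately, so this check is a diagnostic for the misconfiguration described in the commit message rather than a guarantee about the directory that is subsequently used. A short comment saying so above the check would help future readers.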


