[pulseaudio-tickets] [Bug 45656] New: lacks handling of (not-so-)special cases in pa_make_secure_dir()

bugzilla-daemon at freedesktop.org
Sun Feb 5 13:16:31 PST 2012


https://bugs.freedesktop.org/show_bug.cgi?id=45656

             Bug #: 45656
           Summary: lacks handling of (not-so-)special cases in
                    pa_make_secure_dir()
    Classification: Unclassified
           Product: PulseAudio
           Version: unspecified
          Platform: All
        OS/Version: Linux (All)
            Status: NEW
          Severity: normal
          Priority: medium
         Component: core
        AssignedTo: pulseaudio-bugs at lists.freedesktop.org
        ReportedBy: mike at altlinux.org
         QAContact: pulseaudio-bugs at lists.freedesktop.org
                CC: lennart at poettering.net


Created attachment 56630
  --> https://bugs.freedesktop.org/attachment.cgi?id=56630
strace output

As of pulseaudio-1.1, both src/daemon/main.c::change_user() and
src/pulsecore/core-util.c::pa_make_secure_dir() are pretty ignorant of the
target directory already being there with proper permissions and rush to
mkdir()/fchown()/fchmod() for no good reason.

My original problem occurs on an r/o NFSv3 Linux 2.6.32 thin client root
filesystem while trying to run pulseaudio --system (used to work like a charm
with 0.9.5):

# pulseaudio --system
W: [pulseaudio] main.c: Running in system mode, but --disallow-exit not set!
W: [pulseaudio] main.c: Running in system mode, but --disallow-module-loading
not set!
N: [pulseaudio] main.c: Running in system mode, forcibly disabling SHM mode!
N: [pulseaudio] main.c: Running in system mode, forcibly disabling exit idle
time!
E: [pulseaudio] core-util.c: Failed to create secure directory: Operation not
permitted

Here's a localhost test re-run with an r/w ext4 rootfs:

# pulseaudio --system -v -v
W: [pulseaudio] main.c: Running in system mode, but --disallow-exit not set!
W: [pulseaudio] main.c: Running in system mode, but --disallow-module-loading
not set!
N: [pulseaudio] main.c: Running in system mode, forcibly disabling SHM mode!
N: [pulseaudio] main.c: Running in system mode, forcibly disabling exit idle
time!
D: [pulseaudio] core-rtclock.c: Timer slack is set to 50 us.
D: [pulseaudio] core-util.c: setpriority() worked.
I: [pulseaudio] core-util.c: Successfully gained nice level -11.
I: [pulseaudio] main.c: Found user 'pulse' (UID 144) and group 'pulse' (GID
56).
I: [pulseaudio] main.c: Successfully dropped root privileges.
I: [pulseaudio] main.c: This is PulseAudio 1.1
D: [pulseaudio] main.c: Compilation host: i586-alt-linux-gnu
D: [pulseaudio] main.c: Compilation CFLAGS: -pipe -Wall -g -O2 -march=i586
-mtune=i686 -W -Wextra -Wno-long-long -Wvla -Wno-overlength-strings
-Wunsafe-loop-optimizations -Wundef -Wformat=2 -Wlogical-op -Wsign-compare
-Wformat-security -Wmissing-include-dirs -Wformat-nonliteral -Wpointer-arith
-Winit-self -Wdeclaration-after-statement -Wfloat-equal -Wmissing-prototypes
-Wredundant-decls -Wmissing-declarations -Wmissing-noreturn -Wshadow
-Wendif-labels -Wcast-align -Wstrict-aliasing -Wwrite-strings
-Wno-unused-parameter -ffast-math -Wp,-D_FORTIFY_SOURCE=2 -fno-common
-fdiagnostics-show-option
D: [pulseaudio] main.c: Running on host: Linux i686 3.2.2-std-pae-alt1 #1 SMP
Wed Feb 1 06:39:46 UTC 2012
D: [pulseaudio] main.c: Found 2 CPUs.
I: [pulseaudio] main.c: Page size is 4096 bytes
D: [pulseaudio] main.c: Compiled with Valgrind support: no
D: [pulseaudio] main.c: Running in valgrind mode: no
D: [pulseaudio] main.c: Running in VM: no
D: [pulseaudio] main.c: Optimized build: yes
D: [pulseaudio] main.c: All asserts enabled.
I: [pulseaudio] main.c: Machine ID is afe81388ef56429371ec614748402b92.
E: [pulseaudio] core-util.c: Failed to create secure directory: Operation not
permitted
# getent passwd pulse
pulse:x:144:56:Pulseaudio daemon:/var/run/pulse:/dev/null
# ls -ld /var/run/pulse      
drwxrwx--x 2 root pulse 4096 Nov 17 15:46 /var/run/pulse

/var/run/pulse (0771,root,pulse) and the user/group are prepared by the ALT
Linux pulseaudio-system subpackage in both cases.

Syscalls up to the finishing rmdir() (included as a beacon not as a culprit,
full strace output attached):

umask(022)                              = 022
mkdir("/var/run/pulse", 0755)           = -1 EEXIST (File exists)
umask(022)                              = 022
open("/var/run/pulse", O_RDONLY|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFDIR|0771, st_size=4096, ...}) = 0
getuid32()                              = 144
getgid32()                              = 56
fchown32(3, 144, 56)                    = -1 EPERM (Operation not permitted)
rmdir("/var/run/pulse")                 = -1 EACCES (Permission denied)

See also:
http://pulseaudio.org/ticket/539
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628033

Seen also:
https://bugzilla.redhat.com/show_bug.cgi?id=508072
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1299
