[pulseaudio-discuss] [PATCH] Remove redundant check of directory permissions
Tanu Kaskinen
tanu.kaskinen at linux.intel.com
Fri Apr 25 05:10:36 PDT 2014
On Sun, 2014-04-20 at 21:58 +0600, Alexander E. Patrakov wrote:
> Initially (in commit ef422fa4ae626e9638ca70d1c56f27e701dd69c2),
> pa_make_secure_dir followed a simple principle: "make a directory, or,
> if it exists, check that it is suitable". Later this evolved into "make
> a directory, or, if it exists, ensure that it is suitable". But the
> check remained.
>
> The check is now neither sufficient nor necessary. On POSIX-compliant
> systems, the fstat results being checked are actually post-conditions of
> fchmod and fchown. And on systems implementing POSIX ACLs, fstat only
> reflects a part of the information relevant to the security of the
> directory permissions, so PulseAudio could accept an existing insecure
> directory anyway.
>
> Also, the check still fires on non-POSIX-compliant filesystems like CIFS.
> As a user cannot do anything to fix it, just accept insecure permissions
> in this case.
> ---
> As this patch removes what used to be a security check, please double-check
> it. Especially on platforms that provide only a subset of fstat, fchown and
> fchmod.
>
> If you think it is too risky, apply the alternative with the subject
> "Better error messages for secure directory creation".
This seems fine to me. I applied this one. Thanks for the patch(es)!
--
Tanu
More information about the pulseaudio-discuss
mailing list