From 84200b423ebfa7e2dad9b1b65f64eac7bf3d2114 Mon Sep 17 00:00:00 2001 From: Diego Elio 'Flameeyes' Pettenò Date: Tue, 7 Jul 2009 20:51:53 +0200 Subject: Remove exploitable LD_BIND_NOW hack (CVE-2009-1894). Instead of trying to re-execute pulseaudio itself with LD_BIND_NOW set, just find the correct flag for the linker to request immediate bindings (all ELF files support that option), and use that when linking the daemon. Reduce the amount of compiled and executed code as well. --- src/daemon/main.c | 22 ---------------------- 1 file changed, 22 deletions(-) (limited to 'src/daemon/main.c') diff --git a/src/daemon/main.c b/src/daemon/main.c index eb378d24..0f6fc907 100644 --- a/src/daemon/main.c +++ b/src/daemon/main.c @@ -401,28 +401,6 @@ int main(int argc, char *argv[]) { pa_log_set_level(PA_LOG_NOTICE); pa_log_set_flags(PA_LOG_COLORS|PA_LOG_PRINT_FILE|PA_LOG_PRINT_LEVEL, PA_LOG_RESET); -#if defined(__linux__) && defined(__OPTIMIZE__) - /* - Disable lazy relocations to make usage of external libraries - more deterministic for our RT threads. We abuse __OPTIMIZE__ as - a check whether we are a debug build or not. - */ - - if (!getenv("LD_BIND_NOW")) { - char *rp; - - /* We have to execute ourselves, because the libc caches the - * value of $LD_BIND_NOW on initialization. */ - - pa_set_env("LD_BIND_NOW", "1"); - - if ((rp = pa_readlink("/proc/self/exe"))) - pa_assert_se(execv(rp, argv) == 0); - else - pa_log_warn("Couldn't read /proc/self/exe, cannot self execute. Running in a chroot()?"); - } -#endif - if ((e = getenv("PULSE_PASSED_FD"))) { passed_fd = atoi(e); -- cgit From a2b207e38ac35ffc048351f76d83f7f9db37bb6c Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 20 Jul 2009 15:47:57 +0100 Subject: daemon: before exec'ing ourselves, make sure nobody plays games with /proc/self/exe --- src/daemon/main.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'src/daemon/main.c') diff --git a/src/daemon/main.c b/src/daemon/main.c index eb378d24..07439675 100644 --- a/src/daemon/main.c +++ b/src/daemon/main.c @@ -405,7 +405,8 @@ int main(int argc, char *argv[]) { /* Disable lazy relocations to make usage of external libraries more deterministic for our RT threads. We abuse __OPTIMIZE__ as - a check whether we are a debug build or not. + a check whether we are a debug build or not. This all is + admittedly a bit snake-oilish. */ if (!getenv("LD_BIND_NOW")) { @@ -416,9 +417,16 @@ int main(int argc, char *argv[]) { pa_set_env("LD_BIND_NOW", "1"); - if ((rp = pa_readlink("/proc/self/exe"))) - pa_assert_se(execv(rp, argv) == 0); - else + if ((rp = pa_readlink("/proc/self/exe"))) { + + if (pa_streq(rp, PA_BINARY)) + pa_assert_se(execv(rp, argv) == 0); + else + pa_log_warn("/proc/self/exe does not point to " PA_BINARY ", cannot self execute. Are you playing games?"); + + pa_xfree(rp); + + } else pa_log_warn("Couldn't read /proc/self/exe, cannot self execute. Running in a chroot()?"); } #endif -- cgit From 2f54b5df183630bb284a16ed9be88279c8f0f0e4 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 22 Jul 2009 22:47:51 +0200 Subject: daemon: reset personality, to make the autospawn env cleaup complete --- src/daemon/main.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'src/daemon/main.c') diff --git a/src/daemon/main.c b/src/daemon/main.c index eb378d24..c759df53 100644 --- a/src/daemon/main.c +++ b/src/daemon/main.c @@ -65,6 +65,10 @@ #include #endif +#ifdef __linux__ +#include +#endif + #include #include #include @@ -433,6 +437,12 @@ int main(int argc, char *argv[]) { /* We might be autospawned, in which case have no idea in which * context we have been started. Let's cleanup our execution * context as good as possible */ + +#ifdef __linux__ + if (personality(PER_LINUX) < 0) + pa_log_warn("Uh, personality() failed: %s", pa_cstrerror(errno)); +#endif + pa_drop_root(); pa_close_all(passed_fd, -1); pa_reset_sigs(-1); -- cgit From 4c1511500759c7701b407227e907c0e5c8e38763 Mon Sep 17 00:00:00 2001 From: Diego Elio 'Flameeyes' Pettenò Date: Sat, 8 Aug 2009 01:53:15 +0200 Subject: Split OSS support in output and wrapper. Since Fedora does not enable OSS output support at all, but still uses padsp, and in Gentoo we could also make use of padsp without OSS output support, split the two things in two parameters, although they both check for sys/soundcard.h once. --- src/daemon/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/daemon/main.c') diff --git a/src/daemon/main.c b/src/daemon/main.c index b209c514..7a951954 100644 --- a/src/daemon/main.c +++ b/src/daemon/main.c @@ -113,7 +113,7 @@ int allow_severity = LOG_INFO; int deny_severity = LOG_WARNING; #endif -#ifdef HAVE_OSS +#ifdef HAVE_OSS_WRAPPER /* padsp looks for this symbol in the running process and disables * itself if it finds it and it is set to 7 (which is actually a bit * mask). For details see padsp. */ -- cgit From ef176ecb62a8f04bd14ca37e7c2a40469f0bb8ba Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 12 Aug 2009 21:36:52 +0200 Subject: core-util: move personality resetting into core-util --- src/daemon/main.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) (limited to 'src/daemon/main.c') diff --git a/src/daemon/main.c b/src/daemon/main.c index 7a951954..355b0d5c 100644 --- a/src/daemon/main.c +++ b/src/daemon/main.c @@ -65,10 +65,6 @@ #include #endif -#ifdef __linux__ -#include -#endif - #include #include #include @@ -446,11 +442,7 @@ int main(int argc, char *argv[]) { * context we have been started. Let's cleanup our execution * context as good as possible */ -#ifdef __linux__ - if (personality(PER_LINUX) < 0) - pa_log_warn("Uh, personality() failed: %s", pa_cstrerror(errno)); -#endif - + pa_reset_personality(); pa_drop_root(); pa_close_all(passed_fd, -1); pa_reset_sigs(-1); -- cgit From 27b8cd783c2aedb23af8f88fc88632d5c4f387fd Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 12 Aug 2009 21:37:40 +0200 Subject: daemon: reset scheduling priority on startup, too --- src/daemon/main.c | 1 + 1 file changed, 1 insertion(+) (limited to 'src/daemon/main.c') diff --git a/src/daemon/main.c b/src/daemon/main.c index 355b0d5c..8521e720 100644 --- a/src/daemon/main.c +++ b/src/daemon/main.c @@ -447,6 +447,7 @@ int main(int argc, char *argv[]) { pa_close_all(passed_fd, -1); pa_reset_sigs(-1); pa_unblock_sigs(-1); + pa_reset_priority(); setlocale(LC_ALL, ""); pa_init_i18n(); -- cgit