From 84200b423ebfa7e2dad9b1b65f64eac7bf3d2114 Mon Sep 17 00:00:00 2001 From: Diego Elio 'Flameeyes' Pettenò Date: Tue, 7 Jul 2009 20:51:53 +0200 Subject: Remove exploitable LD_BIND_NOW hack (CVE-2009-1894). Instead of trying to re-execute pulseaudio itself with LD_BIND_NOW set, just find the correct flag for the linker to request immediate bindings (all ELF files support that option), and use that when linking the daemon. Reduce the amount of compiled and executed code as well. --- src/daemon/main.c | 22 ---------------------- 1 file changed, 22 deletions(-) (limited to 'src/daemon') diff --git a/src/daemon/main.c b/src/daemon/main.c index eb378d24..0f6fc907 100644 --- a/src/daemon/main.c +++ b/src/daemon/main.c @@ -401,28 +401,6 @@ int main(int argc, char *argv[]) { pa_log_set_level(PA_LOG_NOTICE); pa_log_set_flags(PA_LOG_COLORS|PA_LOG_PRINT_FILE|PA_LOG_PRINT_LEVEL, PA_LOG_RESET); -#if defined(__linux__) && defined(__OPTIMIZE__) - /* - Disable lazy relocations to make usage of external libraries - more deterministic for our RT threads. We abuse __OPTIMIZE__ as - a check whether we are a debug build or not. - */ - - if (!getenv("LD_BIND_NOW")) { - char *rp; - - /* We have to execute ourselves, because the libc caches the - * value of $LD_BIND_NOW on initialization. */ - - pa_set_env("LD_BIND_NOW", "1"); - - if ((rp = pa_readlink("/proc/self/exe"))) - pa_assert_se(execv(rp, argv) == 0); - else - pa_log_warn("Couldn't read /proc/self/exe, cannot self execute. Running in a chroot()?"); - } -#endif - if ((e = getenv("PULSE_PASSED_FD"))) { passed_fd = atoi(e); -- cgit From 2f54b5df183630bb284a16ed9be88279c8f0f0e4 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 22 Jul 2009 22:47:51 +0200 Subject: daemon: reset personality, to make the autospawn env cleaup complete --- src/daemon/main.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'src/daemon') diff --git a/src/daemon/main.c b/src/daemon/main.c index eb378d24..c759df53 100644 --- a/src/daemon/main.c +++ b/src/daemon/main.c @@ -65,6 +65,10 @@ #include #endif +#ifdef __linux__ +#include +#endif + #include #include #include @@ -433,6 +437,12 @@ int main(int argc, char *argv[]) { /* We might be autospawned, in which case have no idea in which * context we have been started. Let's cleanup our execution * context as good as possible */ + +#ifdef __linux__ + if (personality(PER_LINUX) < 0) + pa_log_warn("Uh, personality() failed: %s", pa_cstrerror(errno)); +#endif + pa_drop_root(); pa_close_all(passed_fd, -1); pa_reset_sigs(-1); -- cgit