[16700] in bugtraq
Patch for esound-0.2.19
daemon@ATHENA.MIT.EDU (Alon Oz)
Mon Sep 11 13:00:01 2000
Message-Id: <39BCBE3B.8A1F1F62@linuxqa.com>
Date: Mon, 11 Sep 2000 14:12:59 +0300
Reply-To: alon@LINUXQA.COM
From: Alon Oz <alon@LINUXQA.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Here's a patch that fixes the vulnerability in the esound package
(0.2.19 and prior):
------- CUT HERE ------------------------
*** esd.c Mon Sep 11 13:48:10 2000
--- esd.c.noperms Mon Sep 11 13:48:41 2000
***************
*** 218,230 ****
if (access(ESD_UNIX_SOCKET_DIR, R_OK | W_OK) == -1)
{
mkdir(ESD_UNIX_SOCKET_DIR,
! S_IRUSR|S_IWUSR|S_IXUSR|
! S_IRGRP|S_IWGRP|S_IXGRP|
! S_IROTH|S_IWOTH|S_IXOTH);
chmod(ESD_UNIX_SOCKET_DIR,
! S_IRUSR|S_IWUSR|S_IXUSR|
! S_IRGRP|S_IWGRP|S_IXGRP|
! S_IROTH|S_IWOTH|S_IXOTH);
}
if (access(ESD_UNIX_SOCKET_NAME, R_OK | W_OK) == -1)
{
--- 218,226 ----
if (access(ESD_UNIX_SOCKET_DIR, R_OK | W_OK) == -1)
{
mkdir(ESD_UNIX_SOCKET_DIR,
! S_IRUSR|S_IWUSR|S_IXUSR);
chmod(ESD_UNIX_SOCKET_DIR,
! S_IRUSR|S_IWUSR|S_IXUSR);
}
if (access(ESD_UNIX_SOCKET_NAME, R_OK | W_OK) == -1)
{
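Review bot: In the new side of the hunk (--- 218,226), mkdir() and chmod() still run only when access(ESD_UNIX_SOCKET_DIR, R_OK | W_OK) fails, and neither return value is checked. If the path already exists and is accessible to the caller, the restrictive S_IRUSR|S_IWUSR|S_IXUSR mode is never applied, and nothing verifies that the path is a directory or who owns it. Suggest checking the mkdir() result (handling EEXIST separately), then calling lstat() on the path and refusing to continue unless it is a directory owned by the daemon's effective uid with no group or other permission bits. Separately, dropping the group and other bits means clients running as a different user can no longer traverse this directory to reach ESD_UNIX_SOCKET_NAME; that behaviour change deserves a sentence in the patch description.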
------ CUT HERE ------------------
--
Alon Oz,
Aduva Research Team,
Mailto: alon@linuxqa.com
Trust in Allah, but tie your camel.
-- Arabian proverb