merge 269661 289797
thanks

Hi Tim!

On Mon, 10 Jan 2005, Tim wrote:

> While I understand that some audio binaries might need to be setgid
> audio or something, is there any reason why this binary should be setuid
> root?
>
> -snip-
> [EMAIL PROTECTED]:~> ls -la /usr/bin/jackstart
> -rwsr-xr--  1 root audio 12704 Nov  2 16:03 /usr/bin/jackstart
> -/snip-

Could you read through Bug#269661: jackstart depends on a kernel with
working CAP_SETCAP

> Since I can't expunge this package from my system very easily due to the
> ugly dependency chain currently in place (yes I read your explanation in
> the other bugs, probably not libjack's fault), it is a bit disturbing

Use dpkg-statoverride for jackstart if you want to. No need to remove
anything.

> that it comes with a setuid root binary that probably doesn't have good
> input sanity checking...

It does. One of the sanity checks is whether your kernel allows a special
capability bit set for other processes. Unless you explicitly patch your
kernel to allow that, the test fails and jackstart will not start anything.
So jackstart can only cause harm on systems that already decided to bypass
crucial security decisions.

Also this patch is only needed for 2.4 kernels. 2.6 has realtime-lsm.

> This is just total speculation, but if the jackd binary gives me pretty
> messages like this:
>
> -snip-
> [EMAIL PROTECTED]:~> jackd -d dummy -r-1 -p-1 -C-1 -P-1 -w-1
> jackd 0.99.0
> Copyright 2001-2003 Paul Davis and others.
> jackd comes with ABSOLUTELY NO WARRANTY
> This is free software, and you are welcome to redistribute it
> under certain conditions; see the file COPYING for details
>
> loading driver ..
> creating dummy driver ...
> dummy_pcm|4294967295|4294967295|4294967295|4294967295|4294967295
> cannot create shm segment /jck-[32 bit float mono audio] (Invalid argument)
> cannot create new port segment of -512 bytes, name = /jck-[32 bit float
> mono audio] (Invalid argument)
> all 32 bit float mono audio port buffers in use!
> cannot assign buffer for port
> DUMMY: cannot register port for capture_1
> no ports available!
> DUMMY: cannot register port for playback_128
> jack main caught signal 2
> received signal 2 during shutdown (ignored)
> -/snip-
>
> When I give it these nasty input parameters, I don't very well trust a
> startup script running as root to filter options as they come down.
> Perhaps I am just paranoid though...

jackstart is not a script. And as I said above: if you get jackstart to
work (by patching your kernel), you can crash and exploit almost anything
easily because of the patch you applied.

> Do you think we can nuke that nasty bit?

Only if you nuke all the users of 2.4 kernels which need that bit. I'm one
of them so you'd have to nuke me first.

Robert.
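Robert points Tim at dpkg-statoverride instead of removing the package. As an added example, not part of this thread or of the jack packages, the POSIX shell functions below do the check a practitioner would run on such a system: list every setuid file under a directory, confirm a given path carries the bit, and clear it. The dpkg-statoverride invocation in the comment is the Debian way to make that change persistent across upgrades; the files in the temp dir are constructed stand-ins for the demo so the script runs without root.

```shell
# Added example (not from the bug thread or the jack package): audit a
# directory for setuid files and strip the bit. On Debian the persistent
# equivalent of the override Robert suggests is
#   dpkg-statoverride --update --add root audio 0750 /usr/bin/jackstart
# which dpkg re-applies on every upgrade of the package. This script only
# touches a constructed stand-in in a temp dir, so it needs no root.

# is_setuid PATH: succeed if the setuid bit is set on PATH
is_setuid() {
    [ -u "$1" ]
}

# find_setuid DIR: print every regular file under DIR with the setuid bit set
find_setuid() {
    find "$1" -type f -perm -4000
}

# count_setuid DIR: number of setuid files under DIR
count_setuid() {
    find_setuid "$1" | wc -l | tr -d ' '
}

# strip_setuid PATH: clear the setuid bit and verify it is gone
strip_setuid() {
    chmod u-s "$1" && ! is_setuid "$1"
}

# make_demo: build a constructed stand-in for /usr/bin/jackstart with the
# mode from Tim's listing (4750, -rwsr-x---) next to an ordinary 0755 file,
# and print the temp dir. Ownership root:audio cannot be reproduced without
# root, so only the mode bits are modelled here.
make_demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho jackstart stand-in\n' > "$d/jackstart"
    printf '#!/bin/sh\necho ordinary binary\n'   > "$d/jackd"
    chmod 4750 "$d/jackstart"
    chmod 0755 "$d/jackd"
    printf '%s\n' "$d"
}

# Usage:
#   dir=$(make_demo)
#   find_setuid "$dir"             # prints only $dir/jackstart
#   strip_setuid "$dir/jackstart"
#   find_setuid "$dir"             # prints nothing
```

On a real host, run find_setuid against /usr/bin and /usr/sbin to get the full list of setuid files, then decide per binary whether the bit is needed (as Robert argues it is for jackstart on 2.4 kernels) or should be overridden.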