Hi Antoine,

I noticed gstreamer1 core installs gst-ptp-helper setuid root.

https://cgit.freedesktop.org/gstreamer/gstreamer/tree/libs/gst/helpers/gst-ptp-helper.c

That's a rather large and scary program for a feature (Precision Time
Protocol multicast multimedia shenanigans) with about zero users on
OpenBSD.

I doubt it does anything useful in its current state:

gst-ptp-helper.c:305:2: warning: "Implement something to list all
network interfaces" [-W#warnings]
gst-ptp-helper.c:421:2: warning: "Implement something to get MAC
addresses of network interfaces" [-W#warnings]

You don't even want to see all the high quality libs it links against..

Supposedly it's at least dropping privileges, but on a hunch compiling with
-save-temps holds this:
...
static void
drop_privileges (void)
{
# 564 "gst-ptp-helper.c"
}
...

Not sure whether to laugh or cry.

What I'm trying to say, can we nuke this crap from orbit, pretty please?

Index: Makefile
===================================================================
RCS file: /home/vcs/cvs/openbsd/ports/multimedia/gstreamer1/core/Makefile,v
retrieving revision 1.43
diff -u -p -r1.43 Makefile
--- Makefile    8 Dec 2017 14:38:36 -0000       1.43
+++ Makefile    16 Dec 2017 18:26:58 -0000
@@ -4,6 +4,7 @@ COMMENT=                framework for streaming media
 
 DISTNAME=              gstreamer-${V}
 PKGNAME=               ${GST_PKGNAME_PREFIX}-${V}
+REVISION=              0
 
 SHARED_LIBS +=  gstreamer-1.0        3.3      # 1204.0
 SHARED_LIBS +=  gstbase-1.0          3.3      # 1204.0
@@ -28,5 +29,8 @@ CONFIGURE_ENV +=      ac_cv_lib_gmp___gmpz_in
 
 # require (at least) gtk+
 CONFIGURE_ARGS +=      --disable-examples
+
+# make PTP helper 'suid' at your own peril
+CONFIGURE_ARGS +=      --with-ptp-helper-permissions=none
 
 .include <bsd.port.mk>
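
Review bot: The comment above the new `--with-ptp-helper-permissions=none` line says only "at your own peril" and gives no reason. Record why the helper must not be setuid here: per the -save-temps output in the message, drop_privileges() preprocesses to an empty body in this build. That way a later port update does not quietly restore the default. Something like `# drop_privileges() is a no-op here; do not install gst-ptp-helper setuid` would do.
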
Index: pkg/PLIST
===================================================================
RCS file: /home/vcs/cvs/openbsd/ports/multimedia/gstreamer1/core/pkg/PLIST,v
retrieving revision 1.14
diff -u -p -r1.14 PLIST
--- pkg/PLIST   20 Jun 2017 11:48:53 -0000      1.14
+++ pkg/PLIST   16 Dec 2017 18:26:58 -0000
@@ -155,9 +155,7 @@ lib/pkgconfig/gstreamer-net-${API}.pc
 libexec/gstreamer-${API}/
 @bin libexec/gstreamer-${API}/gst-completion-helper
 @bin libexec/gstreamer-${API}/gst-plugin-scanner
-@mode 4555
 @bin libexec/gstreamer-${API}/gst-ptp-helper
-@mode
 @man man/man1/gst-inspect-${API}.1
 @man man/man1/gst-launch-${API}.1
 @man man/man1/gst-stats-${API}.1
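
Review bot: The `@bin libexec/gstreamer-${API}/gst-ptp-helper` line is kept, so the helper is still packaged, only without `@mode 4555`. If the intent stated in the message is to remove it outright, this line has to go as well. Otherwise it is worth confirming that the helper is of any use unprivileged, given the two unimplemented-interface warnings quoted in the message. Also check after a fake install that the binary really ends up without the setuid bit, since its mode now depends entirely on the configure option added in the Makefile hunk.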
