On Wed, Oct 19, 2005 at 08:48:49AM +0100, Phil Brooke wrote:
> > The yiff server, by default, will run as the root user, even though it
> > only requires privileges to access the audio devices (/dev/dsp and
> > /dev/mixer), no effort is made by the package to create a specific user
> > and run the server as such.
> >
> > [...]
>
> I agree that this is badly broken. Thanks for the report.
>
> Can you assist? (e.g., do you have a patch available?) I don't have
> access to a suitable machine at the moment (I'm moving home, starting new
> job, etc.). Otherwise, I'll tag this as needing help and do what I can on
> the project machines.

I don't have a patch available, but I could write one that:

a) modifies the postinst/postrm to create a 'yiff' user (might need to
   belong to the 'audio' group too)
b) modifies the init script to run yiff-server as the 'yiff' user instead
   of as root
c) creates /var/run/yiff/ so that the pidfile can be created by the program
   there (the directory should belong to 'yiff' so it needs to be created on
   package installation by root)

That would mitigate the risk a lot. Another improvement, which might need
changes to code in the source package, would be to limit file calls to only
access a given directory and reject absolute paths (i.e. those including
a '/') from client requests. That would prevent remote attacks on the
server that have it read files that a remote user would not otherwise have
access to.

Regards

Javier
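The last suggestion in the message above (confine file requests to one directory and refuse names containing '/') could be implemented along the following lines. This is an added example, not part of the original message and not yiff code; `resolve_client_path`, `demo_check` and the `/tmp/yiff-demo-*` tree are hypothetical names constructed for illustration, and requests for files that do not exist are refused as well.

```c
#define _XOPEN_SOURCE 700  /* realpath(), mkdtemp(), symlink() */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Hypothetical helper, not yiff code: map a client-supplied file name to a
 * path under base_dir. Returns 0 and fills out, or -1 if refused. */
int resolve_client_path(const char *base_dir, const char *requested,
                        char *out, size_t outlen)
{
    char base_real[PATH_MAX], joined[PATH_MAX], full_real[PATH_MAX];
    /* Policy from the message: refuse any name containing '/'. */
    if (requested == NULL || requested[0] == '\0' || strchr(requested, '/'))
        return -1;
    /* With '/' refused, "." and ".." are the only other ways up or out. */
    if (strcmp(requested, ".") == 0 || strcmp(requested, "..") == 0)
        return -1;
    if (realpath(base_dir, base_real) == NULL ||
        snprintf(joined, sizeof joined, "%s/%s", base_real, requested) >= PATH_MAX)
        return -1;
    /* Resolve symlinks so a link inside base_dir cannot lead outside it. */
    if (realpath(joined, full_real) == NULL)
        return -1;
    size_t base_len = strlen(base_real);
    if (strncmp(full_real, base_real, base_len) != 0 || full_real[base_len] != '/')
        return -1;
    int n = snprintf(out, outlen, "%s", full_real);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Demo on a constructed tree: <tmpdir>/beep.wav plus a symlink "escape". */
int demo_check(const char *requested)
{
    static char dir[64];
    char path[PATH_MAX], out[PATH_MAX];
    if (dir[0] == '\0') {
        strcpy(dir, "/tmp/yiff-demo-XXXXXX");
        if (mkdtemp(dir) == NULL) { dir[0] = '\0'; return -2; }
        snprintf(path, sizeof path, "%s/beep.wav", dir);
        FILE *f = fopen(path, "w");
        if (f == NULL || fclose(f) != 0) return -2;
        snprintf(path, sizeof path, "%s/escape", dir);
        if (symlink("/etc/passwd", path) != 0) return -2;
    }
    return resolve_client_path(dir, requested, out, sizeof out);
}

int main(void) { return demo_check("beep.wav") == 0 && demo_check("escape") == -1 ? 0 : 1; }
```

The check and the later open() are separate steps, so the base directory should not be writable by untrusted users.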

