Re: [ecasound] Multitrack problems resolved! (almost)


Subject: Re: [ecasound] Multitrack problems resolved! (almost)
From: Kai Vehmanen (k_AT_eca.cx)
Date: Wed Oct 03 2001 - 23:19:29 EEST


On Tue, 31 Jul 2001, Nolan Darilek wrote:

> On a side note, I made ecasound setuid root to use raisepriority. Yes
> I recognize that this is a potential security risk, but in practice,
> has anyone encountered any issues with this? I don't recall seeing any
> shell escapes or anything similarly obvious in ecasound's interactive
> mode; am I missing anything potentially fatal? I may try resetting the
> setuid bit just in case.

Although there are no known vulnerabilities, setting ecasound suid-root is
not safe. Whether this is a real problem depends on the particular setup
(connected to network, untrusted users,...).

The root of the problem is that ecasound doesn't contain any code for
altering privilege levels. If it runs with root-privileges, it does
everything as root. For instance in libecasound/eca-control-objects.cpp,
in edit_chainsetup(), there's a system() call for executing an external
editor. Doing this as root is not generally thought of as secure.

The other big problem area is libecasound/audioio-forked-stream.cpp, which is
used to exec() mpg123, ogg, and other external programs as specified in
~/.ecasoundrc. This is also a bit unsafe when run as root.

But all in all, this shouldn't be that big of an issue. For noncritical
uses, just don't set the suid-bit, but run as a normal user. If you have
an untrusted setup, and you don't want to login as root, the following
helps a bit:
        cd /usr/local/bin
        chown root.ecausers ecasound
        chmod 4750 ecasound

In other words, the ecasound binary is set as suid-root (so it is run with
root-privileges), but only root and members of the ecausers group can
start it. Now just add all trusted ecasound users to the group and you are
set.

The ideal solution would be that ecasound would not need to be run with
full root-privileges, only with privileges for changing scheduling and
locking memory. Tommi Ilmonen's (author of the Mustajuuri softsynth)
givertcap program solves this very elegantly, but unfortunately requires a
custom kernel patch (at least for now). You can check the program at:

http://www.tml.hut.fi/~tilmonen/givertcap/

-- 
 http://www.eca.cx
 Audio software for Linux!
