Subject: Re: [ecasound] problems linking ecawave on FreeBSD
From: The Anarcat (anarcat_AT_anarcat.dyndns.org)
Date: Tue Oct 16 2001 - 07:35:43 EEST
On Wed Oct 10, 2001 at 02:29:49AM +0300, Kai Vehmanen wrote:
> On Mon, 24 Sep 2001, The Anarcat wrote:
>
> >> Hmm, how about something like "LIBS=-lqt2 ./configure" for the fbsd port?
> > I will try that. But wouldn't ./configure make LIBS=-lqt -lqt2?
>
> Possibly... depends on your shell. :)
Ok, with latest ecawave (0.4.1), I still get linking errors wrt pthreads
and qt.
Now the fix is to have:
ecawave_LDADD = -L$(qt_libraries) -lqt2 -pthread
# $(qtecasound_libraries)
ecawave_LDFLAGS =
ecawave_debug_LDADD = -L$(qt_libraries) -lqt2 -pthread
in the resulting makefile. The thing is that -lqt2 gets passed in
LDFLAGS, which doesn't seemed to be used by ecawave (?):
LDFLAGS = -L/usr/local/lib -lqt2 -L/usr/local/lib -lecasound -lkvutils
Now, that's odd...
> > You mean stat as in:
> [...]
> > anarcat_AT_shall [ecawave]$ stat /tmp/ecawave-anarcat/
> > File: "/tmp/ecawave-anarcat/"
> > Size: 512 Allocated Blocks: 2 Filetype: Directory
> > Mode: (0755/drwxr-xr-x) Uid: (1000/anarcat) Gid: (0/wheel)
> > Device: 226308 Inode: 6598 Links: 2
> > Access: Mon Sep 24 00:44:19 2001
> > Modify: Mon Sep 24 00:44:19 2001
> > Change: Mon Sep 24 00:44:19 2001
>
> Ok, something goes wrong. The very idea of the tempdir handling is that
> nobody else has access to the directory. It seems that your (or freebsd
> default) /tmp dir has sticky-bits set (or something else) that override
> the permissions as set by ecawave ('mkdir(tmpdirname, 0700)').
I think this was a problem between the keyboard and the chair. :) I
stat'd a file that *I* created manually, there. Oups.
Now here, ecawave 0.4.1 simply doesn't seem to create a directory at
all, or at least, it's difficult to "catch" (it exists for a short
period of time):
% stat /tmp/*wave*
File: "/tmp/ecawave-anarcat"
Size: 512 Allocated Blocks: 2 Filetype: Directory
Mode: (0700/drwx------) Uid: (1000/anarcat) Gid: (0/wheel)
Device: 226308 Inode: 381 Links: 2
Access: Tue Oct 16 00:21:45 2001
Modify: Tue Oct 16 00:21:45 2001
Change: Tue Oct 16 00:21:45 2001
%
> >> I suspect geteuid() or getegid()
> >> functions work differently between fbsd and linux. You can test this by
> >(kvutils) st_gid doesn't match.
>
> Hmm, I'll remove at least this 'st_gid' check. It's true that it only
> causes trouble.
Removing it doesn't fix it. I tried commenting the 'st_gid if clause'
and rebuild/install kvutils, no luck.
> > Are these checks really necessary?
>
> Yep. Ecawave needs a secure way to handle temporary files. It can't use
> the normal mkstemp()/etc functions, because it has no direct access to the
> files - it only knows the filenames.
> So the only solution is to create a
> secure directory, in which files can be created securely, even with
> insecure file-creation methods.
>
> Btw; you can override the tempdir location by rerefining the TMPDIR or
> TMP variable for ecawave.able. This is probably the easiest fix.
No luck either. :)
> > anarcat_AT_shall [ecasound]$ mkdir /tmp/b
> > anarcat_AT_shall [ecasound]$ stat /tmp/b
> > File: "/tmp/b"
> > Size: 512 Allocated Blocks: 2 Filetype: Directory
> > Mode: (0755/drwxr-xr-x) Uid: (1000/anarcat) Gid: (0/wheel)
>
> If ecawave now creates files under /tmp/b, they are open to attacks. And
> if ecawave is run as root (which is of course not recommended), a local
> attack can be very dangerous.
I understand that entierly.
> > I guess this is not really a requisite for a temporary directory, no?
> > Shouldn't kvutils use a function such as mkstemp or mkdtemp?
> [...]
> > http://www.FreeBSD.org/cgi/man.cgi?query=mkdtemp
>
> Ah, mkdtemp() would be really nice, but unfortunately is bsd-specific -
> at least not available in the glibc 2.1.2 I'm using.
Maybe integrate it into the code of kvutils as a helper where it's not
available? ;)
A.
-- To unsubscribe send message 'unsubscribe' in the body of the message to <ecasound-list-request_AT_wakkanet.fi>.
This archive was generated by hypermail 2b28 : Tue Oct 16 2001 - 07:30:53 EEST