diff options
| author | Alexandre Ratchov <ratchov@cvs.openbsd.org> | 2009-02-03 19:44:59 +0000 |
|---|---|---|
| committer | Alexandre Ratchov <ratchov@cvs.openbsd.org> | 2009-02-03 19:44:59 +0000 |
| commit | 43a7da6ca36bc6f538024c99f4829330e44b9e6f (patch) | |
| tree | 5918bc4729b704187a534caad4dcde9fac5244a4 /usr.bin/aucat | |
| parent | a71cd502a66a21e4f232d1da33cae8eb5d594b83 (diff) | |
in server mode, create /tmp/aucat-userid/ directory with
permissions 0700, and create sockets in it. This prevents
one local user to eavesdrop or disturb audio programs of
other users.
if you're using the ``-s socket'' option with an absolute
path as argument, please update it to use a socket name.
requested by many, bits from jakemsr and otto
ok jakemsr
Diffstat (limited to 'usr.bin/aucat')
| -rw-r--r-- | usr.bin/aucat/aucat.1 | 18 | ||||
| -rw-r--r-- | usr.bin/aucat/aucat.c | 33 | ||||
| -rw-r--r-- | usr.bin/aucat/conf.h | 6 | ||||
| -rw-r--r-- | usr.bin/aucat/listen.c | 10 |
4 files changed, 45 insertions, 22 deletions
diff --git a/usr.bin/aucat/aucat.1 b/usr.bin/aucat/aucat.1 index 490d8640f6f..20ce5a2f8bf 100644 --- a/usr.bin/aucat/aucat.1 +++ b/usr.bin/aucat/aucat.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: aucat.1,v 1.44 2009/01/23 17:52:13 ratchov Exp $ +.\" $OpenBSD: aucat.1,v 1.45 2009/02/03 19:44:58 ratchov Exp $ .\" .\" Copyright (c) 2006 Alexandre Ratchov <alex@caoua.org> .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: January 23 2009 $ +.Dd $Mdocdate: February 3 2009 $ .Dt AUCAT 1 .Os .Sh NAME @@ -87,9 +87,9 @@ instead of the regular .Xr audio 4 device for audio input and output in order to share the physical device with other clients. -The default socket path is -.Pa /tmp/aucat.sock -but other paths can be used with the +The default socket name is +.Pa default +but other names can be used with the .Fl s option. .It Fl m Ar mode @@ -117,9 +117,11 @@ then standard output will be used. Sample rate in Hertz of the playback or record stream. The default is 44100Hz. .It Fl s Ar socket -Add the path +Add the name .Ar socket to the list of sockets to listen on. +.Ar socket +cannot contain '/'. Meaningful in server mode only. .It Fl u Normally @@ -363,7 +365,7 @@ in server mode using default parameters, but will create an additional socket for output to channels 2:3 only (rear speakers on most cards): .Bd -literal -offset indent -$ aucat -l -s /tmp/aucat.sock -c 2:3 -s /tmp/aucat.sock.rear +$ aucat -l -s default -c 2:3 -s rear .Ed .Pp The following will start @@ -371,7 +373,7 @@ The following will start in server mode creating the default socket with low volume and an additional socket for high volume output: .Bd -literal -offset indent -$ aucat -l -v 65 -s /tmp/aucat.sock -v 127 -s /tmp/aucat.sock.max +$ aucat -l -v 65 -s default -v 127 -s max .Ed .Sh SEE ALSO .Xr audioctl 1 , diff --git a/usr.bin/aucat/aucat.c b/usr.bin/aucat/aucat.c index ad2b9fb15c4..ba86b9d9a9c 100644 --- a/usr.bin/aucat/aucat.c +++ b/usr.bin/aucat/aucat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: aucat.c,v 1.54 2009/01/25 17:07:39 ratchov Exp $ */ +/* $OpenBSD: aucat.c,v 1.55 2009/02/03 19:44:58 ratchov Exp $ */ /* * Copyright (c) 2008 Alexandre Ratchov <alex@caoua.org> * @@ -47,10 +47,12 @@ #include <sys/param.h> #include <sys/types.h> #include <sys/queue.h> +#include <sys/stat.h> -#include <signal.h> #include <err.h> +#include <errno.h> #include <fcntl.h> +#include <limits.h> #include <signal.h> #include <stdio.h> #include <stdlib.h> @@ -317,10 +319,13 @@ main(int argc, char **argv) struct farglist ifiles, ofiles, sfiles; struct aparams ipar, opar, dipar, dopar; struct sigaction sa; + struct stat sb; + char base[PATH_MAX], path[PATH_MAX]; unsigned bufsz, mode; char *devpath, *dbgenv; const char *errstr; unsigned volctl; + uid_t uid; dbgenv = getenv("AUCAT_DEBUG"); if (dbgenv) { @@ -482,6 +487,18 @@ main(int argc, char **argv) } } + if (l_flag) { + uid = geteuid(); + snprintf(base, PATH_MAX, "/tmp/aucat-%u", uid); + if (mkdir(base, 0700) < 0) { + if (errno != EEXIST) + err(1, "mkdir(\"%s\")", base); + } + if (stat(base, &sb) < 0) + err(1, "stat(\"%s\")", base); + if (sb.st_uid != uid || (sb.st_mode & 077) != 0) + errx(1, "%s has wrong permissions", base); + } quit_flag = 0; sigfillset(&sa.sa_mask); sa.sa_flags = SA_RESTART; @@ -533,8 +550,11 @@ main(int argc, char **argv) while (!SLIST_EMPTY(&sfiles)) { fa = SLIST_FIRST(&sfiles); SLIST_REMOVE_HEAD(&sfiles, entry); - (void)listen_new(&listen_ops, fa->name, - &fa->opar, &fa->ipar, MIDI_TO_ADATA(fa->vol)); + if (strchr(fa->name, '/') != NULL) + errx(1, "socket names must not contain '/'"); + snprintf(path, PATH_MAX, "%s/%s", base, fa->name); + listen_new(&listen_ops, path, &fa->opar, &fa->ipar, + MIDI_TO_ADATA(fa->vol)); free(fa); } @@ -572,8 +592,11 @@ main(int argc, char **argv) } } } - if (l_flag) + if (l_flag) { filelist_unlisten(); + if (rmdir(base) < 0) + warn("rmdir(\"%s\")", base); + } if (suspend) { DPRINTF("resuming to drain\n"); suspend = 0; diff --git a/usr.bin/aucat/conf.h b/usr.bin/aucat/conf.h index 3627eebe090..9d2105dd5ce 100644 --- a/usr.bin/aucat/conf.h +++ b/usr.bin/aucat/conf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.h,v 1.5 2008/11/10 23:25:37 ratchov Exp $ */ +/* $OpenBSD: conf.h,v 1.6 2009/02/03 19:44:58 ratchov Exp $ */ /* * Copyright (c) 2008 Alexandre Ratchov <alex@caoua.org> * @@ -56,7 +56,7 @@ extern int debug_level; */ #define WAV_NBLK 6 -#define DEFAULT_DEVICE "/dev/audio" /* defaul device */ -#define DEFAULT_SOCKET "/tmp/aucat.sock" +#define DEFAULT_DEVICE "/dev/audio" +#define DEFAULT_SOCKET "default" #endif /* !defined(CONF_H) */ diff --git a/usr.bin/aucat/listen.c b/usr.bin/aucat/listen.c index da17643451a..fc6a3cacaab 100644 --- a/usr.bin/aucat/listen.c +++ b/usr.bin/aucat/listen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: listen.c,v 1.6 2009/01/23 17:38:15 ratchov Exp $ */ +/* $OpenBSD: listen.c,v 1.7 2009/02/03 19:44:58 ratchov Exp $ */ /* * Copyright (c) 2008 Alexandre Ratchov <alex@caoua.org> * @@ -49,7 +49,7 @@ struct listen * listen_new(struct fileops *ops, char *path, struct aparams *wpar, struct aparams *rpar, int maxweight) { - int sock; + int sock, oldumask; struct sockaddr_un sockname; struct listen *f; @@ -64,15 +64,13 @@ listen_new(struct fileops *ops, char *path, } sockname.sun_family = AF_UNIX; strlcpy(sockname.sun_path, path, sizeof(sockname.sun_path)); + oldumask = umask(0111); if (bind(sock, (struct sockaddr *)&sockname, sizeof(struct sockaddr_un)) < 0) { perror("bind"); exit(1); } - if (chmod(sockname.sun_path, 0777) < 0) { - /* not fatal, just print error */ - perror(sockname.sun_path); - } + umask(oldumask); if (listen(sock, 1) < 0) { perror("listen"); exit(1); |