File: add-ifdef-guards-around-setuid.patch

xtrs 4.9d-2
GCC warns about an unused result in trs_xinterface.c.  The relevant line
is this.
     setuid(getuid());

The web has scary things to say about the above.
    https://c-skills.blogspot.com/2008/01/evilness-of-setuidgetuid.html

However, the fix seems easy.  Here's why.
    1. The code prior to the above call invokes trs_sound_init(), whose
       entire body sits in an #ifdef SB_SOUND guard, and if SB_SOUND is
       defined, plays around with I/O ports using ioperm(), inb(), and
       outb();
    2. Poking I/O ports is particular to x86 hardware;
    3. Doing so requires root privileges;
    4. xtrs is trying to _drop_ root privileges after doing this;
    5. This functionality is predicated on having
       SoundBlaster-compatible hardware installed;
    6. The code preceding the trs_sound_init() call attempts to infer
       some SoundBlaster card parameters from an X resource;
    7. The corresponding command-line option for setting up a
       SoundBlaster card is -sb, about which trs_cassette.c has to say:
          "OSS_SOUND seems to work much better than SB_SOUND now, so
          SB_SOUND is off by default and -sb has been removed from the
          man page";
    8. Nothing in the source code ever actually #defines SB_SOUND; you
       would have to do it from Make, which Debian never has done.

Therefore, guard all this "Sb" resource reading stuff with #ifdef
SB_SOUND.  Now it won't be compiled in to be complained about.  Perhaps
all this SoundBlaster stuff should be "#if 0"ed or even deleted, but
I'll leave that up to upstream.

-- Branden Robinson, 2017-03-24T03:15:32-0400
--- a/trs_xinterface.c
+++ b/trs_xinterface.c
@@ -293,7 +293,7 @@
   image.height = image.height * scale_y / 2;
   image.bytes_per_line *= scale_x;
 
-#if __linux
+#if __linux && SB_SOUND
   (void) sprintf(option, "%s%s", program_name, ".sb");
   if (XrmGetResource(x_db, option, "Xtrs.Sb", &type, &value)) {
     char *next; int ioport, vol;
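Review bot: the new condition `#if __linux && SB_SOUND` tests the value of SB_SOUND, while the description says the body of trs_sound_init() is guarded with `#ifdef SB_SOUND`, so the two guards can disagree. A build with -DSB_SOUND=0 would compile the sound init body but skip this resource parsing, and an empty `#define SB_SOUND` would make this line a preprocessor syntax error. Suggest `#if defined(__linux) && defined(SB_SOUND)` so both sites use the same test, and update the matching `#endif` comment to suit.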
@@ -305,7 +305,7 @@
     }
   }
   setuid(getuid());
-#endif /* linux */
+#endif /* linux && SB_SOUND */
 
   (void) sprintf(option, "%s%s", program_name, ".emtsafe");
   if (XrmGetResource(x_db, option, "Xtrs.Emtsafe", &type, &value)) {
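Review bot: the `setuid(getuid());` line at the top of this hunk still ignores its return value, so the GCC warning and the underlying problem return as soon as anyone builds with SB_SOUND defined; the guard only hides them in the default build. If the call fails, execution continues into the `.emtsafe` resource handling below with whatever privileges the process started with. Suggest checking the result and exiting on failure, for example `if (setuid(getuid()) != 0) { perror("setuid"); exit(1); }`. Separately, placing the call under `#endif /* linux && SB_SOUND */` means a build without SB_SOUND no longer drops privileges at this point at all; if the binary can still be installed setuid, the drop should stay outside the sound guard, and that deserves a line in the description either way.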