Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 207214 (CVE-2008-0008) - media-sound/pulseaudio < 0.9.9 Pulseaudio ignores setuid() return value (CVE-2008-0008)
Summary: media-sound/pulseaudio < 0.9.9 Pulseaudio ignores setuid() return value (CVE-...
Status: RESOLVED FIXED
Alias: CVE-2008-0008
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High critical (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B1 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-01-23 20:44 UTC by Sune Kloppenborg Jeppesen
Modified: 2020-04-04 10:14 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen gentoo-dev 2008-01-23 20:44:08 UTC
Pulseaudio fails to check the return value of setuid().
Comment 1 Sune Kloppenborg Jeppesen gentoo-dev 2008-01-23 20:46:01 UTC
Sound please advise.
Comment 2 Diego Elio Pettenò (RETIRED) gentoo-dev 2008-01-24 00:48:45 UTC
Okay so I looked at the code, the setuid() call is actually unlikely to be used in Gentoo, as it's protected by a !defined(HAVE_SETRESUID) and !defined(HAVE_SETREUID).

I have a patch to fix the function not to ignore setuid() call. But I don't have time _right now_ to check if this is enough to make sure the server is secure.

On the other hand, I've just seen Lennart tagging the release 0.9.9 ... and I didn't see any fix for this, which makes me a bit concerned.
Comment 3 Diego Elio Pettenò (RETIRED) gentoo-dev 2008-01-24 02:03:27 UTC
Okay, the fix will be released in version 0.9.9 for which the ebuild are ready on my repository ready to be committed once the tarball is available.

Note: there will be three revisions for the 0.9.9 release:

0.9.9(-r0): this is what you want to mark stable, it's based off 0.9.8-r6;
0.9.9-r1: has to stay ~arch, it has glib as optional with an USE flag;
0.9.9-r2: has to stay package.masked, it will be the baselayout 2 version;

Please also CC bsd together with the other arches as they'll lose their highest ~arch version. for bsd, arm, sh and ppc keywording requests refer to bug #200076.
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2008-01-24 02:12:56 UTC
Arches, please test and mark stable:
=media-sound/pulseaudio-0.9.9
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86 ~x86-fbsd"
Comment 5 Steve Dibb (RETIRED) gentoo-dev 2008-01-24 04:50:58 UTC
@betelgeuse,

Is this gonna cause any problems for stabling bluez-{libs,utils}-3.x?

Any preference on which version to go stable?
Comment 6 Petteri Räty (RETIRED) gentoo-dev 2008-01-24 07:40:01 UTC
(In reply to comment #5)
> @betelgeuse,
> 
> Is this gonna cause any problems for stabling bluez-{libs,utils}-3.x?
> 
> Any preference on which version to go stable?
> 

If you stable bluez-3* you will screw users big time.
Comment 7 Diego Elio Pettenò (RETIRED) gentoo-dev 2008-01-24 08:14:31 UTC
I suppose we could package.use.mask bluetooth for the 0.9.9-r0 revision.
Comment 8 Petteri Räty (RETIRED) gentoo-dev 2008-01-24 14:40:47 UTC
(In reply to comment #7)
> I suppose we could package.use.mask bluetooth for the 0.9.9-r0 revision.
> 

I have been meaning to work on getting bluez-3 stable for ages but probably best for now would be to keep bluetooth only for ~arch users.
Comment 9 Friedrich Oslage (RETIRED) gentoo-dev 2008-01-24 22:23:36 UTC
Tested =media-sound/pulseaudio-0.9.9 with USE="X alsa dbus gnome hal -asyncns -avahi -bluetooth -caps -jack -libsamplerate (-lirc) -oss (-policykit) -tcpd" and with USE="alsa dbus hal -X -asyncns -avahi -bluetooth -caps -gnome -jack -libsamplerate (-lirc) -oss (-policykit) -tcpd" on sparc.

- emerges fine
- test phase runs fine(well, it has a test phase but no real tests)
- no collisions

works!


# emerge --info
Portage 2.1.3.19 (default-linux/sparc/sparc64/2007.0, gcc-4.1.2, glibc-2.6.1-r0, 2.6.23-gentoo-r3 sparc64)
=================================================================
System uname: 2.6.23-gentoo-r3 sparc64 sun4u
Timestamp of tree: Thu, 24 Jan 2008 20:00:01 +0000
app-shells/bash:     3.2_p17-r1
dev-lang/python:     2.4.4-r6
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.10-r5
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.23-r3
ACCEPT_KEYWORDS="sparc"
CBUILD="sparc-unknown-linux-gnu"
CFLAGS="-mcpu=ultrasparc3 -mtune=ultrasparc3 -mvis -Wa,-Av8plusa -O2 -pipe -frename-registers"
CHOST="sparc-unknown-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d"
CPPFLAGS="-mcpu=ultrasparc3 -mtune=ultrasparc3 -mvis -Wa,-Av8plusa -O2 -pipe -frename-registers"
CXXFLAGS="-mcpu=ultrasparc3 -mtune=ultrasparc3 -mvis -Wa,-Av8plusa -O2 -pipe -frename-registers"
DISTDIR="/tmp/distfiles"
FEATURES="collision-protect distlocks metadata-transfer parallel-fetch sanxbox strict test userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="de_DE.UTF-8"
LDFLAGS="-Wl,-O1"
LINGUAS="en de"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/sunrise"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="64bit 7zip X a52 aac aalib alsa artworkextra audacious blender-game bzip2 cups custom-cflags cvs dbus dga divx dts dv dvd dvdread encode fat ffmpeg flac ftp fuse gd gif gnome gnome-print gnomecanvas gpm grammar gtk hal hpn ieee1394 ithreads javascript jpeg jpeg2k lzo mad mjpeg mp2 mp3 mpeg mpeg2 mplayer musepack nautilus ncurses network networking nls nptl nptlonly nsplugin offensive ogg openal opengl opera pam png pnm quicktime regex ruby samba sdl slang smp sms sound soundex sparc speex spell sqlite3 ssl subversion svg symlink test theora threads tiff truetype tta unicode usb userlocales utils vcd vidix vim vim-syntax vim-with-x vorbis wma wmf x264 xanim xcb xfce xine xinerama xorg xulrunner xv xvid zlib" ALSA_PCM_PLUGINS="adpcm alaw copy dshare dsnoop extplug file hooks ladspa lfloat linear meter mulaw multi null rate route share shm" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LINGUAS="en de" USERLAND="GNU" VIDEO_CARDS="mach64"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 10 Christian Faulhammer (RETIRED) gentoo-dev 2008-01-25 07:48:25 UTC
(In reply to comment #7)
> I suppose we could package.use.mask bluetooth for the 0.9.9-r0 revision.

 I did that in base profile.  x86 stable.
Comment 11 Raúl Porcel (RETIRED) gentoo-dev 2008-01-25 10:38:23 UTC
er...this has an use-flag on policykit, which is masked.

So i can't commit...Opfer, you broke it!
Comment 12 Christian Faulhammer (RETIRED) gentoo-dev 2008-01-25 11:37:03 UTC
(In reply to comment #11)
> er...this has an use-flag on policykit, which is masked.

 Yes...and that's why repoman bails out with no reason.  There is the --force flag.  It was "broken" before and after my x86 stabilisation.
Comment 13 Christian Faulhammer (RETIRED) gentoo-dev 2008-01-25 16:53:38 UTC
Ok, some warnings in SELinux profiles have been resolved by masking USE=policykit for pulseaudio...but things like

  media-sound/pulseaudio/pulseaudio-0.9.9.ebuild: x86(default-linux/x86/no-nptl) ['sys-auth/policykit']

I don't understand.  no-nptl is child of x86, is child of default-linux, is child of base.  And USE=policykit is masked in base.
Comment 14 Markus Rothe (RETIRED) gentoo-dev 2008-01-25 19:21:48 UTC
ppc64 stable
Comment 15 Zac Medico gentoo-dev 2008-01-25 22:13:23 UTC
(In reply to comment #13)
> Ok, some warnings in SELinux profiles have been resolved by masking
> USE=policykit for pulseaudio...but things like
> 
>   media-sound/pulseaudio/pulseaudio-0.9.9.ebuild:
> x86(default-linux/x86/no-nptl) ['sys-auth/policykit']
> 
> I don't understand.  no-nptl is child of x86, is child of default-linux, is
> child of base.  And USE=policykit is masked in base.
> 

This is due to interference from the "=media-sound/pulseaudio-0.9.9 bluetooth" entry in the base profile. It causes portage to ignore the "media-sound/pulseaudio policykit" entry when calculating use masks for pulseaudio-0.9.9. I've added a "=media-sound/pulseaudio-0.9.9 policykit" entry to serve as a workaround.

I'll think about changing this behavior since it seems confusing and error prone.
Comment 16 Raúl Porcel (RETIRED) gentoo-dev 2008-01-25 22:15:38 UTC
alpha/ia64/sparc stable, thanks Tobias and Friedrich

Opfer, i'm removing you from cc since zmedico fixed this :)
Comment 17 Jeroen Roovers (RETIRED) gentoo-dev 2008-01-26 13:16:24 UTC
Stable for HPPA.
Comment 18 Tobias Scherbaum (RETIRED) gentoo-dev 2008-01-26 14:43:51 UTC
ppc stable
Comment 19 jieryn 2008-02-06 03:50:06 UTC
stable on amd64

[ebuild   R   ] media-sound/pulseaudio-0.9.9-r1  USE="X alsa avahi caps dbus glib hal tcpd -asyncns -bluetooth -gnome -jack -libsamplerate -lirc -oss (-policykit)" 

tested using mplayer and mpd, nothing too fancy with source/sink, just basic audio playing..

Portage 2.1.3.19 (default-linux/amd64/2007.0, gcc-4.1.2, glibc-2.6.1-r0, 2.6.23.9 x86_64)
=================================================================
System uname: 2.6.23.9 x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor 4000+
Timestamp of tree: Wed, 06 Feb 2008 03:00:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
app-shells/bash:     3.2_p17-r1
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.4.4-r6
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.10-r5
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.23-r3
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=athlon64 -O2 -pipe -fomit-frame-pointer -fweb -ftracer"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=athlon64 -O2 -pipe -fomit-frame-pointer -fweb -ftracer"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--verbose --nospinner"
FEATURES="buildpkg collision-protect distlocks fixpackages metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict test unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LINGUAS="en"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://192.168.1.102/gentoo-portage"
USE="3dnow X a52 aac acl acpi alsa amd64 ao apache2 audiofile autoipd automount avahi bash-completion berkdb bitmap-fonts bzip2 caps cddb cdparanoia cli cracklib crypt dbus directfb dri dvd encode expat fbcon ffmpeg flac fontconfig ftp gdbm gif gnutella gnutls hal iconv icu id3 idea imagemagick imlib ipv6 isdnlog java jpeg kerberos key-screen lame logrotate lzo mad mdnsresponder-compat midi mmap mmx mp3 mpeg mplayer ncurses network nolvm1 nptl nptlonly ogg openft openmp pam pcre perl png pppd pulseadio pulseaudio python quicktime readline reflection samba sdl search-screen session spl sse sse2 ssl subtitles svg swat syslog tcpd test theora threads tiff truetype truetype-fonts type1-fonts unicode vorbis x264 xgetdefault xinetd xml xorg xvid zeroconf zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" APACHE2_MPMS="peruser" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" USERLAND="GNU" VIDEO_CARDS="fbdev radeon radeonhd vesa vga"
Unset:  CPPFLAGS, CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
 
Comment 20 Sune Kloppenborg Jeppesen gentoo-dev 2008-02-10 14:29:39 UTC
amd64 please mark stable.
Comment 21 Olivier Crete (RETIRED) gentoo-dev 2008-02-11 03:54:14 UTC
amd64 stable, sorry for the delay
Comment 22 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-02-14 20:23:32 UTC
GLSA 200802-07
Comment 23 Peter Volkov (RETIRED) gentoo-dev 2008-02-23 18:41:17 UTC
Forgot to add... This was fixed in release snapshot.