On Sun, 2014-04-20 at 21:58 +0600, Alexander E. Patrakov wrote:
> Initially (in commit ef422fa4ae626e9638ca70d1c56f27e701dd69c2),
> pa_make_secure_dir followed a simple principle: "make a directory, or,
> if it exists, check that it is suitable". Later this evolved into "make
> a directory, or, if it exists, ensure that it is suitable". But the
> check remained.
>
> The check is now neither sufficient nor necessary. On POSIX-compliant
> systems, the fstat results being checked are actually post-conditions of
> fchmod and fchown. And on systems implementing POSIX ACLs, fstat only
> reflects a part of the information relevant to the security of the
> directory permissions, so PulseAudio could accept an existing insecure
> directory anyway.
>
> Also, the check still fires on non-POSIX-compliant filesystems like CIFS.
> As a user cannot do anything to fix it, just accept insecure permissions
> in this case.
> ---
> As this patch removes what used to be a security check, please double-check
> it. Especially on platforms that provide only a subset of fstat, fchown and
> fchmod.
>
> If you think it is too risky, apply the alternative with the subject
> "Better error messages for secure directory creation".

This seems fine to me. I applied this one. Thanks for the patch(es)!

-- 
Tanu
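
The "make a directory, or, if it exists, ensure that it is suitable" principle from the quoted commit message, as an added C example that is not part of this thread and not PulseAudio's code. The names ensure_secure_dir, dir_mode and the recheck parameter are hypothetical, and a POSIX-compliant filesystem is assumed; the old-style fstat comparison is kept only to show that it restates what fchown and fchmod just set.

```c
#define _POSIX_C_SOURCE 200809L  /* O_DIRECTORY, O_NOFOLLOW, fchmod, fchown */
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not PulseAudio's pa_make_secure_dir): create `path`
 * or, if it exists, force it to `mode` and the caller's effective uid/gid.
 * Returns 0 on success, -1 on failure. If `recheck` is non-NULL it receives
 * the result of the old-style fstat comparison: 1 = matches, 0 = differs. */
int ensure_secure_dir(const char *path, mode_t mode, int *recheck) {
    struct stat st;
    int fd, ok;

    /* An existing entry is acceptable here; it is fixed up below. */
    if (mkdir(path, mode) < 0 && errno != EEXIST)
        return -1;

    /* Work on a descriptor so every later call hits the same inode.
     * O_NOFOLLOW rejects a symlink at `path`, O_DIRECTORY a non-directory. */
    fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -1;

    /* "Ensure" step: these calls set exactly what fstat reports afterwards. */
    ok = fchown(fd, geteuid(), getegid()) == 0 && fchmod(fd, mode) == 0;

    /* The legacy check, shown only as a post-condition of the two calls
     * above. It says nothing about ACL entries on the directory. */
    if (ok && recheck)
        *recheck = fstat(fd, &st) == 0 && st.st_uid == geteuid() &&
                   st.st_gid == getegid() && (st.st_mode & 07777) == mode;
    close(fd);
    return ok ? 0 : -1;
}

/* Permission bits of `path` without following symlinks, or -1 on error. */
int dir_mode(const char *path) {
    struct stat st;
    return lstat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}
```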