[PATCH 02/12] iochannel/pstream/pdispatch: Add support for receiving file descriptors

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



24.06.2014 14:06, David Henningsson wrote:
>
>
> On 2014-06-17 11:09, David Henningsson wrote:
>>
>>
>> On 2014-06-01 20:55, Alexander E. Patrakov wrote:
>>> 30.05.2014 17:59, David Henningsson wrote:
>>>> +            else if (cmh->cmsg_type == SCM_RIGHTS) {
>>>> +                int nfd = (cmh->cmsg_len - CMSG_LEN(0)) / sizeof(int);
>>>> +                if (nfd > MAX_ANCIL_FDS) {
>>>> +                    pa_log("Trying to receive too many file
>>>> descriptors!");
>>>> +                    continue;
>>>> +                }
>>>> +                memcpy(ancil->fds, CMSG_DATA(cmh), nfd * sizeof(int));
>>>> +                ancil->nfd = nfd;
>>>>               }
>>>
>>> Don't we need to close these injected file descriptors if we don't like
>>> them?
>>
>> Good point, I think so too. Will fix, thanks.
>
> Fixing that was simple, but it does not stop malicious clients from
> sending one fd at a time. Maybe that is also possible even without the
> srbchannel patches, to overload the PulseAudio process with file
> descriptors?

Good question, I think it is indeed possible. In any case, PulseAudio 
should close unexpected file descriptors, but this can be done in a 
separate patch.

A good write-up on fd-passing is here: 
http://keithp.com/blogs/fd-passing/ - note that Keith decided to stash 
any received fds in an array and apparently to close them later.

A related problem is "what to do if the passed fd is of some wrong 
type". AFAIK it is not currently solvable at all, see the discussion here:

https://plus.google.com/+DavidHerrmann/posts/h8CXYqwXruw

-- 
Alexander E. Patrakov


[Index of Archives]     [Linux Audio Users]     [AMD Graphics]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux