OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Patch for esound-0.2.19
From: Alon Oz (alonLINUXQA.COM)
Date: Mon Sep 11 2000 - 06:12:59 CDT


Here's a patch that fixes the vulnerability in the esound package
(0.2.19 and prior):

------- CUT HERE ------------------------

*** esd.c Mon Sep 11 13:48:10 2000
--- esd.c.noperms Mon Sep 11 13:48:41 2000
***************
*** 218,230 ****
        if (access(ESD_UNIX_SOCKET_DIR, R_OK | W_OK) == -1)
        {
          mkdir(ESD_UNIX_SOCKET_DIR,
! S_IRUSR|S_IWUSR|S_IXUSR|
! S_IRGRP|S_IWGRP|S_IXGRP|
! S_IROTH|S_IWOTH|S_IXOTH);
          chmod(ESD_UNIX_SOCKET_DIR,
! S_IRUSR|S_IWUSR|S_IXUSR|
! S_IRGRP|S_IWGRP|S_IXGRP|
! S_IROTH|S_IWOTH|S_IXOTH);
        }
        if (access(ESD_UNIX_SOCKET_NAME, R_OK | W_OK) == -1)
        {
--- 218,226 ----
        if (access(ESD_UNIX_SOCKET_DIR, R_OK | W_OK) == -1)
        {
          mkdir(ESD_UNIX_SOCKET_DIR,
! S_IRUSR|S_IWUSR|S_IXUSR);
          chmod(ESD_UNIX_SOCKET_DIR,
! S_IRUSR|S_IWUSR|S_IXUSR);
        }
        if (access(ESD_UNIX_SOCKET_NAME, R_OK | W_OK) == -1)
        {

------ CUT HERE ------------------

--
Alon Oz,
Aduva Research Team,
Mailto: alonlinuxqa.com

Trust in Allah, but tie your camel. -- Arabian proverb