--- pulseaudio-0.9.6/src/daemon/caps.c
+++ pulseaudio-0.9.6/src/daemon/caps.c
@@ -53,6 +53,17 @@ int setresuid(uid_t r, uid_t e, uid_t s);
 #ifdef HAVE_GETUID
+/* From Pulseaudio 0.9.9 src/pulsecore/macro.h, for CVE-2008-0008 fix */
+#define pa_assert assert
+/* An assert which guarantees side effects of x */
+#ifdef NDEBUG
+#define pa_assert_se(x) x
+#else
+#define pa_assert_se(x) pa_assert(x)
+#endif
+/* Pulseaudio 0.9.9 pa_assert stuff */
+
+
 /* Drop root rights when called SUID root */
 void pa_drop_root(void) {
 uid_t uid = getuid();
@@ -63,13 +74,16 @@ void pa_drop_root(void) {
 pa_log_info("dropping root rights.");
 #if defined(HAVE_SETRESUID)
- setresuid(uid, uid, uid);
+ pa_assert_se(setresuid(uid, uid, uid) >= 0);
 #elif defined(HAVE_SETREUID)
- setreuid(uid, uid);
+ pa_assert_se(setreuid(uid, uid) >= 0);
 #else
- setuid(uid);
- seteuid(uid);
+ pa_assert_se(setuid(uid) >= 0);
+ pa_assert_se(seteuid(uid) >= 0);
 #endif
+
+ pa_assert_se(getuid() == uid);
+ pa_assert_se(geteuid() == uid);
 }
 #else
@@ -146,4 +160,3 @@ int pa_drop_caps(void) {
 }
 #endif
-
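Review bot: With NDEBUG defined, `pa_assert_se(x)` expands to a bare `x`, so every privilege-drop check added in the second hunk (the `setresuid`/`setreuid`/`setuid`/`seteuid` results and the `getuid()`/`geteuid()` comparisons) is evaluated and then discarded, and the daemon would carry on with root rights after a failed drop. Because these checks are the security fix itself, they should not depend on the build's assert setting; defining the macro as `#define pa_assert_se(x) do { if (!(x)) abort(); } while (0)` keeps them fatal in every build (it needs `<stdlib.h>`, and whether caps.c already includes it and `<assert.h>` is not visible here). The NDEBUG branch as written also leaves `x` unparenthesised.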
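Review bot: The two checks added after `#endif` confirm the real and effective UID but not the saved set-user-ID, which is the one that would let the process switch back to root. In the `HAVE_SETRESUID` branch this could be verified directly, assuming `getresuid` is available wherever `setresuid` is: `uid_t r, e, s;` `pa_assert_se(getresuid(&r, &e, &s) >= 0);` `pa_assert_se(r == uid && e == uid && s == uid);`. A short comment above the asserts, such as `/* A failed drop must be fatal: never continue with root rights (CVE-2008-0008) */`, would tell later readers why these calls are asserted. pa_drop_root begins before this hunk and its first lines are not shown.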