OpenBSD Journal

OpenBSD's sndiod: now with privsep

Contributed by tj on from the sounds-good-to-me dept.

Desktop users can feel just a bit safer now, as Alexandre Ratchov (ratchov@) has introduced some initial privilege separation to sndiod(1).

Module name:	src
Changes by:	2015/12/20 04:38:33

Modified files:
	usr.bin/sndiod : Makefile listen.c miofile.c siofile.c sndiod.c 
Added files:
	usr.bin/sndiod : fdpass.c fdpass.h 

Log message:
In case of a bug in sndiod, an attacker (a local user) could run
arbitrary code as user _sndio, i.e. get a second uid.

Mitigate the risk by implementing initial privilege separation as
follows. Break sndiod in two processes: a chroot()ed "worker" process
processing input, and a non-chroot()ed "helper" process opening
devices and passing descriptors to the worker.

With help from benno, claudio, semarie and gilles.

ok benno, semarie and tb

That's one more daemon down!

(Comments are closed)


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]