headers
Michael Ablassmeier | 12 Aug 2006 15:45
Picon
Favicon

terminatrox audit?

hi guys, 

has one of you yet had a look at terminatorx? Terminatorx is an real time
synthesizer software which supports installation of its binary SUID root in
order to be able to use realtime scheduling. Might be worth a look.

bye,
    - michael
Permalink | Reply |
headers
Steve Kemp | 12 Aug 2006 15:51

Re: terminatrox audit?

On Sat, Aug 12, 2006 at 03:45:33PM +0200, Michael Ablassmeier wrote:

> has one of you yet had a look at terminatorx? Terminatorx is an real time
> synthesizer software which supports installation of its binary SUID root in
> order to be able to use realtime scheduling. Might be worth a look.

  Since it isn't installed setuid by default I've never looked at it
 before.

  First analysis - *don't* install setuid if you have untrusted local
 users since loading files from the GUI easily allows a local root attack.

  Loading files triggers code in src/tX_audiofile.cc:

--
tX_audio_error tx_audiofile :: load_ogg123() {
    tX_debug("tx_audiofile::load_ogg123()");

    char command[PATH_MAX*2];

    sprintf(command, OGG123_STR, filename);
    file = popen(command, "r");

    if (!file) return TX_AUDIO_ERR_OGG123;

    return load_piped();
}
--

  (There are other handlers for different filetypes; and other than the
(Continue reading)

Permalink | Reply |
headers
Michael Ablassmeier | 12 Aug 2006 16:31
Picon
Favicon

Re: terminatrox audit?

hi Steve,

On Sat, Aug 12, 2006 at 02:51:40PM +0100, Steve Kemp wrote:
> On Sat, Aug 12, 2006 at 03:45:33PM +0200, Michael Ablassmeier wrote:
> 
> > has one of you yet had a look at terminatorx? Terminatorx is an real time
> > synthesizer software which supports installation of its binary SUID root in
> > order to be able to use realtime scheduling. Might be worth a look.
> 
>   Since it isn't installed setuid by default I've never looked at it
>  before.
> 
>   First analysis - *don't* install setuid if you have untrusted local
>  users since loading files from the GUI easily allows a local root attack.
> 
>   Loading files triggers code in src/tX_audiofile.cc:
> 
> --
> tX_audio_error tx_audiofile :: load_ogg123() {
>     tX_debug("tx_audiofile::load_ogg123()");
>     
>     char command[PATH_MAX*2];
> 
>     sprintf(command, OGG123_STR, filename);
>     file = popen(command, "r");
> 
>     if (!file) return TX_AUDIO_ERR_OGG123;
> 
>     return load_piped();
> }
(Continue reading)

Permalink | Reply |

Gmane