Posting here b/c the AlienBBC site has a prominent link here instead of
to an email address.
So tonight I tried to get AlienBBC running on my system. It didn't work
(still doesn't), so I started debugging. Looking at mplayer.sh, there's
an obvious race condition (security) problem with $appid. It's set to
/tmp/.alienbbc-app.$$.pid ($$ being the mplayer.sh process ID), and the
script blindly echoes data to $appid. An attacker with local access to
the SqueezeCenter host could use this predictability to do bad things.
Suggested patch that's BASH-dependent (it'd work with ksh/Korn;
traditional Bourne shells don't have $RANDOM):
Code:
--------------------
--- ./Bin/mplayer.sh 2008/12/15 04:15:50 1.1
+++ ./Bin/mplayer.sh 2008/12/23 01:16:48
@@ -1,6 +1,18 @@
-#!/bin/sh
+#!/bin/bash
scriptpid=$$
-apppid=/tmp/.alienbbc-app.$$.pid
+# need a safe working dir (could do something similar with mktemp)
+TMPDIR=""
+i=0
+while [ "$TMPDIR" = "" ]; do
+ i=`expr $i + 1`
+ # add count + $$ in case $RANDOM doesn't work
+ t="/tmp/.alienbbc-app-$RANDOM-$$-$i"
+ mkdir -m0750 $t 2>/dev/null
+ if [ $? -eq 0 ]; then
+ TMPDIR="$t"
+ fi
+done
+apppid=$TMPDIR/mplayer.pid
app=mplayer
# For osx look for processor specific mplayer executable in locations used by
mplayer installer
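Review bot: the `while` loop at the top of this hunk has no upper bound, so when `/tmp` is not writable (read-only filesystem, quota, disk full) `mkdir` fails on every iteration and the script spins forever instead of exiting with an error; cap the attempts (for example `if [ $i -gt 20 ]; then exit 1; fi` inside the loop) or, as the comment itself suggests, use `mktemp -d`, which already does atomic creation with an unpredictable name. Two smaller points: `TMPDIR` is the standard environment variable that `mktemp` and many programs consult, so if it is already exported the assignment also changes it for the mplayer child, and a private name such as `workdir` avoids that; and `-m0750` lets the group list the directory although nothing else needs access, so `-m0700` is the tighter choice.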
@@ -25,7 +37,7 @@
"$app" $* 3>&1 1>&2 &
echo $! > $apppid
wait
- rm -f $apppid
+ rm -fr $TMPDIR
kill $scriptpid 2> /dev/null
) < /dev/null &
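Review bot: `rm -fr $TMPDIR` only runs after `wait` returns normally; if the subshell is killed (SqueezeCenter stopping the stream, Ctrl-C) the directory is left behind in `/tmp`, and because every run creates a fresh directory the leftovers accumulate. Registering the cleanup where the directory is created (`trap 'rm -rf "$TMPDIR"' EXIT HUP INT TERM` inside the subshell) covers both the normal and the killed path. The argument should also be quoted (`rm -fr "$TMPDIR"`), and a guard such as `[ -n "$TMPDIR" ] && rm -fr "$TMPDIR"` keeps `rm -fr` from ever running with an empty argument if the creation logic is later changed.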
--------------------
-Peter
--
peterw
http://www.tux.org/~peterw/
free plugins: http://www.tux.org/~peterw/#slim
AllQuiet BlankSaver ContextMenu FuzzyTime KidsPlay
KitchenTimer PlayLog PowerCenter/BottleRocket SaverSwitcher
SettingsManager SleepFade StatusFirst SyncOptions VolumeLock
------------------------------------------------------------------------
peterw's Profile: http://forums.slimdevices.com/member.php?userid=2107
View this thread: http://forums.slimdevices.com/showthread.php?t=57002
_______________________________________________
plugins mailing list
http://lists.slimdevices.com/lists/listinfo/plugins
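A hardened version of the same temp-file pattern, added here as an example rather than code from the post or from AlienBBC: it creates the directory with `mktemp -d` (bounded `mkdir` fallback so an unwritable `/tmp` fails instead of looping), verifies ownership and mode before every write, and registers a trap so the directory is removed even when the script is killed. The function names, the `mplayer.pid` file name and the retry limit of 10 are assumptions.

```shell
#!/bin/sh
# Constructed example: a private per-run directory for the pid file, replacing
# the predictable /tmp/.alienbbc-app.$$.pid path. Function and file names are
# assumptions, not AlienBBC's own code.

# Create the directory. mktemp -d gives an unpredictable name, atomic creation
# and mode 0700; the mkdir fallback is bounded so an unwritable base directory
# fails loudly instead of looping forever.
make_private_dir() {
    base="${1:-/tmp}"
    if d=$(mktemp -d "$base/.alienbbc-app.XXXXXXXX" 2>/dev/null); then
        printf '%s\n' "$d"
        return 0
    fi
    i=0
    while [ "$i" -lt 10 ]; do
        i=$((i + 1))
        d="$base/.alienbbc-app-$RANDOM-$$-$i"   # $RANDOM may be empty in plain sh
        if mkdir -m 0700 "$d" 2>/dev/null; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    return 1
}

# Re-check before every write: a real directory (a symlink fails -type d
# because find does not follow it), owned by us, mode exactly 0700.
check_private_dir() {
    [ -n "$(find "$1" -prune -type d -user "$(id -un)" -perm 700 -print 2>/dev/null)" ]
}

# Write the child pid only through the checked path.
write_pid_file() {
    check_private_dir "$1" || return 1
    printf '%s\n' "$2" > "$1/mplayer.pid"
}

# Full pattern: create, register cleanup so a kill does not leak the
# directory, then use it. Prints the pid that was recorded.
run_example() {
    WORKDIR=$(make_private_dir) || return 1
    trap 'rm -rf "$WORKDIR"' EXIT HUP INT TERM
    write_pid_file "$WORKDIR" "$$" || return 1
    cat "$WORKDIR/mplayer.pid"
}
```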