virtual_oss(8): Create loopback devices with GID_AUDIO
Make sure the user is part of the audio group to avoid unintended snooping of loopback audio by unprivileged users. While here, retire voss_dsp_perm, since we don't use the same value everywhere now. Sponsored by: The FreeBSD Foundation MFC after: 1 week Reviewed by: emaste Pull-Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/26
@@ -37,6 +37,7 @@
|
|||||||
|
|
||||||
#include <dlfcn.h>
|
#include <dlfcn.h>
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
|
#include <grp.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
@@ -1620,7 +1621,6 @@ int voss_is_recording = 1;
|
|||||||
int voss_has_synchronization;
|
int voss_has_synchronization;
|
||||||
volatile sig_atomic_t voss_exit = 0;
|
volatile sig_atomic_t voss_exit = 0;
|
||||||
|
|
||||||
static int voss_dsp_perm = 0666;
|
|
||||||
static int voss_do_background;
|
static int voss_do_background;
|
||||||
static int voss_baseclone = 0;
|
static int voss_baseclone = 0;
|
||||||
static const char *voss_pid_path;
|
static const char *voss_pid_path;
|
||||||
@@ -1864,7 +1864,24 @@ dup_profile(vprofile_t *pvp, int *pamp, int pol, int rx_mute,
|
|||||||
{
|
{
|
||||||
vprofile_t *ptr;
|
vprofile_t *ptr;
|
||||||
struct cuse_dev *pdev;
|
struct cuse_dev *pdev;
|
||||||
int x;
|
struct group *gr;
|
||||||
|
gid_t gid;
|
||||||
|
int x, perm;
|
||||||
|
|
||||||
|
if (!is_client) {
|
||||||
|
/*
|
||||||
|
* Loopback devices can be used only by users who part of the
|
||||||
|
* audio group, to avoid unintended snooping by unprivileged
|
||||||
|
* users.
|
||||||
|
*/
|
||||||
|
if ((gr = getgrnam("audio")) == NULL)
|
||||||
|
return ("getgrnam() failed");
|
||||||
|
gid = gr->gr_gid;
|
||||||
|
perm = 0660;
|
||||||
|
} else {
|
||||||
|
gid = 0;
|
||||||
|
perm = 0666;
|
||||||
|
}
|
||||||
|
|
||||||
rx_mute = rx_mute ? 1 : 0;
|
rx_mute = rx_mute ? 1 : 0;
|
||||||
tx_mute = tx_mute ? 1 : 0;
|
tx_mute = tx_mute ? 1 : 0;
|
||||||
@@ -1918,7 +1935,7 @@ dup_profile(vprofile_t *pvp, int *pamp, int pol, int rx_mute,
|
|||||||
|
|
||||||
/* create DSP character device */
|
/* create DSP character device */
|
||||||
pdev = cuse_dev_create(&vclient_oss_methods, ptr, NULL,
|
pdev = cuse_dev_create(&vclient_oss_methods, ptr, NULL,
|
||||||
0, 0, voss_dsp_perm, ptr->oss_name);
|
0, gid, perm, ptr->oss_name);
|
||||||
if (pdev == NULL) {
|
if (pdev == NULL) {
|
||||||
free(ptr);
|
free(ptr);
|
||||||
return ("Could not create CUSE DSP device");
|
return ("Could not create CUSE DSP device");
|
||||||
@@ -1935,7 +1952,7 @@ dup_profile(vprofile_t *pvp, int *pamp, int pol, int rx_mute,
|
|||||||
/* create WAV device */
|
/* create WAV device */
|
||||||
if (ptr->wav_name[0] != 0) {
|
if (ptr->wav_name[0] != 0) {
|
||||||
pdev = cuse_dev_create(&vclient_wav_methods, ptr, NULL,
|
pdev = cuse_dev_create(&vclient_wav_methods, ptr, NULL,
|
||||||
0, 0, voss_dsp_perm, ptr->wav_name);
|
0, gid, perm, ptr->wav_name);
|
||||||
if (pdev == NULL) {
|
if (pdev == NULL) {
|
||||||
free(ptr);
|
free(ptr);
|
||||||
return ("Could not create CUSE WAV device");
|
return ("Could not create CUSE WAV device");
|
||||||
@@ -2612,7 +2629,7 @@ main(int argc, char **argv)
|
|||||||
|
|
||||||
if (voss_ctl_device[0] != 0) {
|
if (voss_ctl_device[0] != 0) {
|
||||||
pdev = cuse_dev_create(&vctl_methods, NULL, NULL,
|
pdev = cuse_dev_create(&vctl_methods, NULL, NULL,
|
||||||
0, 0, voss_dsp_perm, voss_ctl_device);
|
0, 0, 0666, voss_ctl_device);
|
||||||
if (pdev == NULL)
|
if (pdev == NULL)
|
||||||
errx(EX_USAGE, "Could not create '/dev/%s'", voss_ctl_device);
|
errx(EX_USAGE, "Could not create '/dev/%s'", voss_ctl_device);
|
||||||
|
|
||||||
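Review bot: In the `!is_client` branch of dup_profile, the failure string `"getgrnam() failed"` does not name the group being looked up, and getgrnam() returns NULL both when the entry is absent and when the lookup itself fails, so the operator cannot tell why no loopback device was created; `return ("Could not look up group 'audio'");` would say more. The block comment in the same branch reads "users who part of the audio group" and should read "users who are part of the audio group". Separately, the control device in main() is still created with a literal `0666`. What vctl_methods allows is not visible on this page, but if it can change loopback or recording settings, it may warrant the same group restriction or a comment explaining why world access is acceptable. dup_profile's body starts and ends outside the hunks shown.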
|
|||||||
@@ -23,7 +23,7 @@
|
|||||||
.\" SUCH DAMAGE.
|
.\" SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\"
|
.\"
|
||||||
.Dd April 17, 2026
|
.Dd May 7, 2026
|
||||||
.Dt VIRTUAL_OSS 8
|
.Dt VIRTUAL_OSS 8
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@@ -162,6 +162,8 @@ This option should be specified before the -d and -l options.
|
|||||||
Create an OSS device by given name.
|
Create an OSS device by given name.
|
||||||
.It Fl l Ar name
|
.It Fl l Ar name
|
||||||
Create a loopback OSS device by given name.
|
Create a loopback OSS device by given name.
|
||||||
|
Users have to be part of the audio group to access this device.
|
||||||
|
This is a security measure to avoid unintended snooping by unprivileged users.
|
||||||
.It Fl L Ar name
|
.It Fl L Ar name
|
||||||
Create a loopback OSS device which acts as a master device.
|
Create a loopback OSS device which acts as a master device.
|
||||||
This option is used in conjunction with -f /dev/null .
|
This option is used in conjunction with -f /dev/null .
|
||||||
|
|||||||