Re: gstreamer1/core: no suid root gst-ptp-helper please

Sun, 17 Dec 2017 02:48:34 -0800 

On Sat, Dec 16, 2017 at 06:37:40PM +0000, Tobias Ulmer wrote:
> Hi Antoine,
> 
> I noticed gstreamer1 core installs gst-ptp-helper setuid root.
> 
> https://cgit.freedesktop.org/gstreamer/gstreamer/tree/libs/gst/helpers/gst-ptp-helper.c
> 
> That's a rather large and scary program for a feature (Precision Time
> Protocol multicast multimedia shenanigans) with about zero users on
> OpenBSD.
> 
> I doubt it does anything useful in its current state:
> 
> gst-ptp-helper.c:305:2: warning: "Implement something to list all
> network interfaces" [-W#warnings]
> gst-ptp-helper.c:421:2: warning: "Implement something to get MAC
> addresses of network interfaces" [-W#warnings]
> 
> You don't even want to see all the high quality libs it links against..
> 
> Supposedly it's at least dropping privileges, but on a hunch compiling with
> -save-temps holds this:
> ...
> static void
> drop_privileges (void)
> {
> # 564 "gst-ptp-helper.c"
> }
> ...
> 
> Not sure whether to laugh or cry.
> 
> What I'm trying to say, can we nuke this crap from orbit, pretty please?

Thanks. I'll take care of it asap.


> 
> Index: Makefile
> ===================================================================
> RCS file: /home/vcs/cvs/openbsd/ports/multimedia/gstreamer1/core/Makefile,v
> retrieving revision 1.43
> diff -u -p -r1.43 Makefile
> --- Makefile  8 Dec 2017 14:38:36 -0000       1.43
> +++ Makefile  16 Dec 2017 18:26:58 -0000
> @@ -4,6 +4,7 @@ COMMENT=              framework for streaming media
>  
>  DISTNAME=            gstreamer-${V}
>  PKGNAME=             ${GST_PKGNAME_PREFIX}-${V}
> +REVISION=            0
>  
>  SHARED_LIBS +=  gstreamer-1.0        3.3      # 1204.0
>  SHARED_LIBS +=  gstbase-1.0          3.3      # 1204.0
> @@ -28,5 +29,8 @@ CONFIGURE_ENV +=    ac_cv_lib_gmp___gmpz_in
>  
>  # require (at least) gtk+
>  CONFIGURE_ARGS +=    --disable-examples
> +
> +# make PTP helper 'suid' at your own peril
> +CONFIGURE_ARGS +=    --with-ptp-helper-permissions=none
>  
>  .include <bsd.port.mk>
> Index: pkg/PLIST
> ===================================================================
> RCS file: /home/vcs/cvs/openbsd/ports/multimedia/gstreamer1/core/pkg/PLIST,v
> retrieving revision 1.14
> diff -u -p -r1.14 PLIST
> --- pkg/PLIST 20 Jun 2017 11:48:53 -0000      1.14
> +++ pkg/PLIST 16 Dec 2017 18:26:58 -0000
> @@ -155,9 +155,7 @@ lib/pkgconfig/gstreamer-net-${API}.pc
>  libexec/gstreamer-${API}/
>  @bin libexec/gstreamer-${API}/gst-completion-helper
>  @bin libexec/gstreamer-${API}/gst-plugin-scanner
> -@mode 4555
>  @bin libexec/gstreamer-${API}/gst-ptp-helper
> -@mode
>  @man man/man1/gst-inspect-${API}.1
>  @man man/man1/gst-launch-${API}.1
>  @man man/man1/gst-stats-${API}.1

-- 
Antoine

Reply via email to