Fix EsounD daemon and library insecurities noted on BugTraq.

Instead of an 0777 chock-full-o-races /tmp/.esd/, use a 0755 ~/.esd/.
Also, the ~/.esd/socket of course needs only be 0644.

Two macros had to be backed up by functions which returned a static
buffer.  These macros, ESD_UNIX_SOCKET_DIR and ESD_UNIX_SOCKET_NAME,
both return constant strings as the new functions esd_unix_socket_dir()
and esd_unix_socket_name(), so the static buffers are not particularly
evil.

The fix has been tested (without needing recompilation) by the most
important EsounD-related apps, esd and XMMS, and works perfectly
in both cases.  It will be submitted to the EsounD maintainer to
be fixed in the source distribution ASAP.

Approved by:    Security Officer Kris
Noticed by:     Stan Bubrouski <satan@FASTDIAL.NET>

0 files changed, 0 insertions, 0 deletions