on systems lacking #defines HAVE_ACCEPT4, HAVE_PIPE2, SOCK_CLOEXEC
pulsecore/core-util.c: In function 'pa_open_cloexec':
pulsecore/core-util.c:3348:1: warning: label 'finish' defined but not used [-Wunused-label]
pulsecore/core-util.c: In function 'pa_socket_cloexec':
pulsecore/core-util.c:3370:1: warning: label 'finish' defined but not used [-Wunused-label]
pulsecore/core-util.c: In function 'pa_pipe_cloexec':
pulsecore/core-util.c:3393:1: warning: label 'finish' defined but not used [-Wunused-label]
pulsecore/core-util.c: In function 'pa_accept_cloexec':
pulsecore/core-util.c:3415:1: warning: label 'finish' defined but not used [-Wunused-label]
Signed-off-by: Peter Meerwald <pmeerw@pmeerw.net>

Initially (in commit ef422fa4ae),
pa_make_secure_dir followed a simple principle: "make a directory, or,
if it exists, check that it is suitable". Later this evolved into "make
a directory, or, if it exists, ensure that it is suitable". But the
check remained.
The check is now neither sufficient nor necessary. On POSIX-compliant
systems, the fstat results being checked are actually post-conditions of
fchmod and fchown. And on systems implementing POSIX ACLs, fstat only
reflects a part of the information relevant to the security of the
directory permissions, so PulseAudio could accept an existing insecure
directory anyway.
Also, the check still fires on non-POSIX-compliant filesystems like CIFS.
As a user cannot do anything to fix it, just accept insecure permissions
in this case.

set_scheduler() assumes that if sys/resource.h was found then we will
find RLIMIT_RTTIME there, but this is a non-POSIX extension on Linux.
Change the check to ensure that RLIMIT_RTTIME is actually defined.
Linux indeed defines this as a macro, and POSIX specifies that the other
RLIMIT_ constants must be macros, so having this as an #ifdef seems
correct.

This reverts commit c327850d9e as
the workaround in that commit is no longer needed after the real
bug has been fixed.
Conflicts:
src/pulsecore/core-util.c

Commit 7e344b5 had the side effect of forcing every socket to
be non-blocking on Windows. This is because of a (documented)
side effect of WSAEventSelect(). So we need to make sure to restore
blocking behaviour afterwards for relevant sockets.

This code is from heftig, but the mistake that I'm fixing here is my
own. Before applying heftig's patch, I downgraded the level of one of
the log messages. I managed to downgrade a different message than what
I intended, so now I'm undoing that mistake.

In the default configuration, PulseAudio's rlimit-rttime is set to
1000000 (100%), which is higher than what RealtimeKit requires from
its clients (200000, 20%).
Make an attempt to still get realtime scheduling by clamping the
current RLIMIT_RTTIME to what RealtimeKit accepts. Warn about doing
this.

The old code accepted any word that started with "y", "Y",
"n", "N", "t", "T", "f" or "F". Fix this by having
a whitelist of full strings instead of checking just the
first letter.

When compiling without HAVE_SYMLINK the runtime dir is a real directory,
which is attempted to be created. In the case it already exists we shouldn't
error out. The HAVE_SYMLINK-enabled code already does this.

On Windows, fdsem.c:flush() fails because sockets are set to non-blocking
mode, since pa_read() returns -1 (and errno == EWOULDBLOCK). I guess pa_read()
is expected to block in this case so make it actually block by calling poll().

This makes updating of permissions on existing directories optional with
pa_make_secure_dir() and pa_make_secure_parent_dir(). This makes sure
that the recursive directory creation doesn't end up modifying existing
directories, and also fixes a problem where creating an auth cookie
(specifically ~/.esd_auth) would end up modifying permissions on ~.
Thanks to Frédéric Danis for reporting this.
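
Added example, not PulseAudio's code: a sketch of the "make a directory, or ensure an existing one is suitable" logic from the pa_make_secure_dir() messages above, with the permission update on existing directories made optional. The helper names, the 0700/0755 modes and the /tmp scratch directory are assumptions; success of fchown()/fchmod() is taken as the guarantee, with no fstat() re-check afterwards.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not pa_make_secure_dir itself): create `dir` with
 * `mode`; touch an existing directory only when update_perms is true. */
int make_secure_dir(const char *dir, mode_t mode, bool update_perms) {
    bool created = true;
    if (mkdir(dir, mode) < 0) {
        if (errno != EEXIST)
            return -1;
        created = false;
    }
    /* Work on a descriptor; refuse a symlink in place of the directory. */
    int fd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    int ret = 0;
    /* mkdir() applied the umask, so a fresh directory is always fixed up. */
    if ((created || update_perms) &&
        (fchown(fd, geteuid(), getegid()) < 0 || fchmod(fd, mode) < 0))
        ret = -1;
    close(fd);
    return ret;
}

/* Constructed scenario: an existing 0755 directory, as with ~ when a cookie
 * such as ~/.esd_auth is created beneath it. Returns the resulting mode. */
int existing_dir_mode_after(bool update_perms) {
    char tmpl[] = "/tmp/secdir-XXXXXX";
    struct stat st;
    if (!mkdtemp(tmpl) || chmod(tmpl, 0755) < 0)
        return -1;
    int rc = make_secure_dir(tmpl, 0700, update_perms);
    rc = (rc == 0 && stat(tmpl, &st) == 0) ? (int)(st.st_mode & 0777) : -1;
    rmdir(tmpl);
    return rc;
}

int main(void) {
    /* exit status 0: untouched when optional, tightened when requested */
    return existing_dir_mode_after(false) == 0755 &&
           existing_dir_mode_after(true) == 0700 ? 0 : 1;
}
```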

realpath() on OS X behaves GNUish and accepts NULL for resolved_name
only on 10.6 and higher. Older versions will crash, if resolved_name is
NULL.
All versions define PATH_MAX, though. Better play it safe and use the
generic PATH_MAX version of pa_realpath on Mac OS X systems.
Signed-off-by: Mihai Moldovan <ionic@ionic.de>

This makes pa_make_secure_dir() create any missing parent directories in
the given path as well. This is useful, for example, on a pristine
system with a clean $HOME that needs ~/.config/pulse/ to be created when
~/.config does not exist.
If ~/.pulse/ already exists we stick to it in order not to lose
configuration and so that pulse configuration may still be shared across
the network with different PA versions.

XDG_SESSION_COOKIE was supposed to be used for access control to the
session and should not be exposed to other users.
Replace usage of XDG_SESSION_COOKIE by XDG_SESSION_ID which is the right
choice here since it is actually a proper session ID that may be
published.

When the runtime path gets long (which can happen on some NFS
mounts where $HOME is not just /home/$USER), it can grow
longer than the 108 char limit imposed by sockaddr_un.sun_path.
This just calls realpath which should ultimately point into
/tmp in most cases and result in a much smaller path.
Only do this when we are adding on a name component to the
runtime path so creating the actual symlink will still get
the original, long name, but this shouldn't be a problem
as it never goes into the sockaddr_un.sun_path.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=44680
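
Added example, not PulseAudio's code: resolving the runtime directory with realpath() before appending the socket name, and refusing a path that does not fit sockaddr_un.sun_path rather than truncating it. It passes an explicit PATH_MAX buffer, the portable form the OS X message above settles on; the helper names, the "native" socket name and the 120-character symlink standing in for a long $HOME path are constructed for the example.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper: fill sa->sun_path with "<dir>/<name>".
 * resolve != 0 canonicalises dir first. Returns 0, or -1 (ENAMETOOLONG). */
int unix_addr_for(const char *dir, const char *name, int resolve,
                  struct sockaddr_un *sa) {
    char resolved[PATH_MAX]; /* explicit buffer: realpath(dir, NULL) is not portable */
    if (resolve && realpath(dir, resolved))
        dir = resolved;
    memset(sa, 0, sizeof *sa);
    sa->sun_family = AF_UNIX;
    int n = snprintf(sa->sun_path, sizeof sa->sun_path, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= sizeof sa->sun_path) {
        errno = ENAMETOOLONG; /* never bind() a silently truncated path */
        return -1;
    }
    return 0;
}

/* Constructed scenario: a short directory under /tmp reached through a
 * symlink with a 120-character name. Returns 1 if the address fits. */
int long_runtime_dir_fits(int resolve) {
    char target[] = "/tmp/rt-XXXXXX", lnk[PATH_MAX], longname[121];
    struct sockaddr_un sa;
    if (!mkdtemp(target))
        return -1;
    memset(longname, 'x', 120);
    longname[120] = '\0';
    snprintf(lnk, sizeof lnk, "%s/%s", target, longname);
    if (symlink(target, lnk) < 0) { rmdir(target); return -1; }
    int ok = unix_addr_for(lnk, "native", resolve, &sa) == 0;
    unlink(lnk);
    rmdir(target);
    return ok;
}

int main(void) {
    /* exit status 0 when only the resolved path fits */
    return long_runtime_dir_fits(0) == 0 && long_runtime_dir_fits(1) == 1 ? 0 : 1;
}
```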

This adds a pa_str_in_list() to check for a given string in a
space-separated list of strings. For now, this is merely present to
avoid duplication of role matching code (intended roles can be a
space-separated list) across modules.

On 64-bit systems LONG_MAX is greater than the largest possible value of a
uint32_t variable, which caused the compiler to warn about a comparison that is
always false. On 32-bit systems pa_atou() can return a value that will overflow
when assigned to e->volume_limit, which has type long, so the comparison was
necessary.
This dilemma is resolved by using pa_atol() instead of pa_atou().

pulsecore/core-util.c: In function ‘pa_hexstr’:
pulsecore/core-util.c:1858: warning: cannot optimize loop, the loop counter may overflow [-Wunsafe-loop-optimizations]
modules/alsa/alsa-mixer.c: In function ‘pa_alsa_decibel_fix_dump’:
modules/alsa/alsa-mixer.c:3678: warning: cannot optimize possibly infinite loops [-Wunsafe-loop-optimizations]
modules/alsa/alsa-mixer.c: In function ‘pa_alsa_path_set_new’:
modules/alsa/alsa-mixer.c:2640: warning: cannot optimize loop, the loop counter may overflow [-Wunsafe-loop-optimizations]
modules/module-default-device-restore.c: In function ‘load’:
modules/module-default-device-restore.c:67: warning: ignoring return value of ‘fgets’,
declared with attribute warn_unused_result [-Wunused-result]
modules/module-default-device-restore.c:88: warning: ignoring return value of ‘fgets’,
declared with attribute warn_unused_result [-Wunused-result]
pulsecore/authkey.c: In function ‘generate’:
pulsecore/authkey.c:58: warning: ignoring return value of ‘ftruncate’,
declared with attribute warn_unused_result [-Wunused-result]
pulsecore/core-util.c: In function ‘pa_make_secure_dir’:
pulsecore/core-util.c:261: warning: ignoring return value of ‘fchown’,
declared with attribute warn_unused_result [-Wunused-result]