src/usr.bin/sndiod/Makefile - view

Return to Makefile CVS log

Up to [local] / src / usr.bin / sndiod

File: [local] / src / usr.bin / sndiod / Makefile (download)

Revision 1.4, Sun Dec 20 11:38:33 2015 UTC (8 years, 5 months ago) by ratchov
Branch: MAIN
Changes since 1.3: +2 -2 lines

In case of a bug in sndiod, an attacker (a local user) could run
arbitrary code as user _sndio, i.e. get a second uid.

Mitigate the risk by implementing initial privilege separation as
follows. Break sndiod in two processes: a chroot()ed "worker" process
processing input, and a non-chroot()ed "helper" process opening
devices and passing descriptors to the worker.

With help from benno, claudio, semarie and gilles.

ok benno, semarie and tb

#	$OpenBSD: Makefile,v 1.4 2015/12/20 11:38:33 ratchov Exp $

PROG=	sndiod
SRCS=	abuf.c dev.c dsp.c fdpass.c file.c listen.c midi.c miofile.c \
	opt.c siofile.c sndiod.c sock.c utils.c
MAN=	sndiod.1
CFLAGS+=-DDEBUG -I${.CURDIR}/../../lib/libsndio
COPTS+=	-Wall -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wundef
LDADD+=	-lsndio
.include <bsd.prog.mk>