From pst@Shockwave.COM  Mon May 15 12:18:02 1995
Received: from precipice.shockwave.com (precipice.shockwave.com [171.69.108.33])
          by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id MAA12138
          for <FreeBSD-gnats-submit@freebsd.org>; Mon, 15 May 1995 12:17:58 -0700
Received: (from pst@localhost) by precipice.shockwave.com (8.6.11/8.6.9) id MAA20608; Mon, 15 May 1995 12:17:17 -0700
Message-Id: <199505151917.MAA20608@precipice.shockwave.com>
Date: Mon, 15 May 1995 12:17:17 -0700
From: Paul Traina <pst@Shockwave.COM>
Reply-To: pst@Shockwave.COM
To: FreeBSD-gnats-submit@freebsd.org
Subject: security of sound devices
X-Send-Pr-Version: 3.2

>Number:         423
>Category:       misc
>Synopsis:       Sound devices are too insecure
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon May 15 12:20:00 1995
>Closed-Date:    Mon Dec 16 14:15:16 PST 1996
>Last-Modified:  Mon Dec 16 14:19:25 PST 1996
>Originator:     Paul Traina
>Release:        FreeBSD BUILT-19950426 i386
>Organization:
Shockwave Engineering
>Environment:

FreeBSD *.* with sound driver support added.

>Description:

We currently set the permissions on these devices wide open, as it's
easy to get unprivileged programs to work with them.

Unfortunately, it also means I can bug your room if I can rsh to your
machine, or better yet, make farting noises on your speakers.


>How-To-Repeat:

cat farting-noise.au | rsh time.cdrom.com "cat >/dev/audio"

rsh time.cdrom.com "cat </dev/audio" | cat >/dev/audio

>Fix:

I thought about creating a new group to own the devices, following the
dialer convention for modem devices, but then everything would have to be
setgid, and in point of fact, this is the wrong model.

The right model is to do the same thing that we do with /dev/console.  If
you're logged in at the console (or local X server), you own the sound devices.
When you logout, they should go back to root.sound ownership, with no world
access.

Whoever owns the console should also own the sound devices.  I think this
should be implemented by changing the protections of the sound devices at
the same time the console and tty devices are changed.  I don't think this
should be done as a kernel hack, and I think there should be a trivial
way to disable this default behavior.
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: scrappy 
State-Changed-When: Mon Oct 21 23:35:44 PDT 1996 
State-Changed-Why:  

Dust off the cobwebs - Confirm Status 
State-Changed-From-To: feedback->open     
State-Changed-By: scrappy 
State-Changed-When: Mon Oct 21 23:36:01 PDT 1996 
State-Changed-Why:  

Problem Still Exists 
State-Changed-From-To: open->closed 
State-Changed-By: mpp 
State-Changed-When: Mon Dec 16 14:15:16 PST 1996 
State-Changed-Why:  
The requested functionality already exists by using /etc/fbtab
to change file permissions based on the login device.  I'm also
adding a little note in the handbook mentioning this in the
section that describes how to set up the sound device nodes.
>Unformatted:
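
The closing note points to /etc/fbtab. As an added example (not part of this PR and not FreeBSD's own script), the sketch below audits sound device nodes for world access and, when it finds any, prints an fbtab(5) line in the `login_tty mode device[:device...]` format. The console tty /dev/ttyv0, mode 0600 and any device names other than /dev/audio are assumptions.

```shell
#!/bin/sh
# Added example, not from the PR. Assumptions: console tty /dev/ttyv0,
# mode 0600, and the device names passed on the command line.

# Echo rw, r, w or none for the "other" permission bits of node $1.
world_access() {
    # ls -ld mode string: 1 type char, then user, group, other triples
    case $(ls -ld "$1" | cut -c8-9) in
        rw) echo rw ;;
        r-) echo r ;;
        -w) echo w ;;
        *)  echo none ;;
    esac
}

# Report every existing node that the world can read or write.
# Returns 1 if any finding was printed, 0 otherwise.
audit_nodes() {
    rc=0
    for n in "$@"; do
        [ -e "$n" ] || continue          # driver not configured: skip
        acc=$(world_access "$n")
        if [ "$acc" != none ]; then
            echo "WORLD-ACCESS $acc $n"  # r = can listen, w = can play
            rc=1
        fi
    done
    return $rc
}

# Print an fbtab(5) line: login_tty, mode, colon-separated device list.
fbtab_entry() {
    tty=$1; shift
    devs=$(IFS=:; printf '%s' "$*")
    printf '%s\t0600\t%s\n' "$tty" "$devs"
}

# Usage: sh audit.sh /dev/audio /dev/dsp
if [ "$#" -gt 0 ]; then
    audit_nodes "$@" || fbtab_entry /dev/ttyv0 "$@"
fi
```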


