diff options
author | Cédric Schieli <cschieli@gmail.com> | 2017-03-18 11:33:30 +0100 |
---|---|---|
committer | Cédric Schieli <cschieli@gmail.com> | 2017-03-18 14:27:37 +0100 |
commit | d4f925c2eafa050f2cda5b682f077b892d3b3de2 (patch) | |
tree | 78f4b3526e15ed564dade6730b8b20c1bc60bedf | |
parent | 5d89eba8c7d2010100e372a286ff24fb0aadba6a (diff) | |
download | jack2-d4f925c2eafa050f2cda5b682f077b892d3b3de2.tar.gz |
Secure promiscuous mode for posix semaphores
Adjusts the permissions of posix semaphores when promiscuous mode is enabled.
Note that changing permissions of semaphores is only supported on linux by
using the /dev/shm filesystem. As of now, linux does not use posix semaphores
anymore so this code is currently unsed.
-rw-r--r-- | posix/JackPosixSemaphore.cpp | 22 | ||||
-rw-r--r-- | posix/JackPosixSemaphore.h | 7 |
2 files changed, 26 insertions, 3 deletions
diff --git a/posix/JackPosixSemaphore.cpp b/posix/JackPosixSemaphore.cpp index 9e511647..1f4df7a4 100644 --- a/posix/JackPosixSemaphore.cpp +++ b/posix/JackPosixSemaphore.cpp @@ -24,10 +24,22 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. #include <fcntl.h> #include <stdio.h> #include <sys/time.h> +#ifdef __linux__ +#include "promiscuous.h" +#endif namespace Jack { +JackPosixSemaphore::JackPosixSemaphore() : JackSynchro(), fSemaphore(NULL) +{ + const char* promiscuous = getenv("JACK_PROMISCUOUS_SERVER"); + fPromiscuous = (promiscuous != NULL); +#ifdef __linux__ + fPromiscuousGid = jack_group2gid(promiscuous); +#endif +} + void JackPosixSemaphore::BuildName(const char* client_name, const char* server_name, char* res, int size) { char ext_client_name[SYNC_MAX_NAME_SIZE + 1]; @@ -35,7 +47,7 @@ void JackPosixSemaphore::BuildName(const char* client_name, const char* server_n #if __APPLE__ // POSIX semaphore names are limited to 32 characters... snprintf(res, 32, "js_%s", ext_client_name); #else - if (getenv("JACK_PROMISCUOUS_SERVER")) { + if (fPromiscuous) { snprintf(res, size, "jack_sem.%s_%s", server_name, ext_client_name); } else { snprintf(res, size, "jack_sem.%d_%s_%s", JackTools::GetUID(), server_name, ext_client_name); @@ -147,6 +159,14 @@ bool JackPosixSemaphore::Allocate(const char* name, const char* server_name, int jack_error("Allocate: can't check in named semaphore name = %s err = %s", fName, strerror(errno)); return false; } else { +#ifdef __linux__ + if (fPromiscuous) { + char sempath[SYNC_MAX_NAME_SIZE+13]; + snprintf(sempath, sizeof(sempath), "/dev/shm/sem.%s", fName); + if (jack_promiscuous_perms(-1, sempath, fPromiscuousGid) < 0) + return false; + } +#endif return true; } } diff --git a/posix/JackPosixSemaphore.h b/posix/JackPosixSemaphore.h index 94f4d60f..bc5e0cea 100644 --- a/posix/JackPosixSemaphore.h +++ b/posix/JackPosixSemaphore.h @@ -39,6 +39,10 @@ class SERVER_EXPORT JackPosixSemaphore : public detail::JackSynchro private: sem_t* fSemaphore; + bool fPromiscuous; +#ifdef __linux__ + int fPromiscuousGid; +#endif protected: @@ -46,8 +50,7 @@ class SERVER_EXPORT JackPosixSemaphore : public detail::JackSynchro public: - JackPosixSemaphore():JackSynchro(), fSemaphore(NULL) - {} + JackPosixSemaphore(); bool Signal(); bool SignalAll(); |