|
pulseaudio-equalizer-2.7-alt1.noarch |
unsafe-tmp-usage-in-scripts |
fail |
The test found scripts with errors that a local user could exploit to damage important system files. For example, if a script works with a temporary file that it creates under a predictable name in the /tmp directory, any user can create a symlink with the same name (pattern) in that directory beforehand, so that the script destroys or overwrites system files or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is accessible only by that user and then sets TMPDIR and other variables to it. Hence, a non-random filename matters much less there, because nobody but you can access it. Found error in /usr/bin/pulseaudio-equalizer: $ grep -A5 -B5 /tmp/ /usr/bin/pulseaudio-equalizer if [ "$1" = "disable" -o "$1" = "enable" ]; then echo "-------------------------------------" echo "Current operation: disabling equalizer" echo "-------------------------------------" echo -n >/tmp/eqcommands.sh # Unload & reload stream-restore module echo "Unloading & reloading stream-restore module..." echo >>/tmp/eqcommands.sh "unload-module $(pacmd list | grep -B1 -m1 'name: ' | grep ' index: ' | sed 's/ index: //g')" echo >>/tmp/eqcommands.sh "load-module module-stream-restore" # Unload LADSPA sink module (if it is already loaded) echo "Unloading module-ladspa-sink..." echo >>/tmp/eqcommands.sh "unload-module $(pacmd list | grep -B1 -m1 'name: ' | grep ' index: ' | sed 's/ index: //g')" # Move active client sinks to ALSA sink echo "Moving active PulseAudio clients to ALSA sink ($PA_MASTER_SINK)..." echo >>/tmp/eqcommands.sh "$(pacmd "list-sink-inputs" | grep 'index: ' | sed 's/ index: /move-sink-input /g' | sed "s/$/ $PA_MASTER_SINK/g")" # Transfer current mute/sink volume to ALSA sink echo "Transferring current mute ($PA_CURRENT_MUTE) & volume ($PA_CURRENT_VOLUME%) to ALSA sink ($PA_MASTER_SINK)..." 
echo >>/tmp/eqcommands.sh "set-default-sink $PA_MASTER_SINK" echo >>/tmp/eqcommands.sh "set-sink-volume $PA_MASTER_SINK $PA_REAL_VOLUME" echo >>/tmp/eqcommands.sh "set-sink-mute $PA_MASTER_SINK $PA_CURRENT_MUTE" # Execute all queued commands (for potential speed benefit)... pacmd /dev/null fi if [ "$1" = "enable" ]; then echo "-------------------------------------" echo "Current operation: enabling equalizer" echo "-------------------------------------" echo -n >/tmp/eqcommands.sh # Unload & reload stream-restore module with restore_device option disabled (to ensure that previously cached per-client sinks are not used) echo "Unloading & reloading stream-restore module..." echo >>/tmp/eqcommands.sh "unload-module $(pacmd list | grep -B1 -m1 'name: ' | grep ' index: ' | sed 's/ index: //g')" echo >>/tmp/eqcommands.sh "load-module module-stream-restore restore_device=false" # Load LADSPA sink module echo "Loading module-ladspa-sink..." echo >>/tmp/eqcommands.sh "load-module module-ladspa-sink sink_name=$PA_LADSPA_SINK master=$PA_MASTER_SINK plugin=$PA_LADSPA_PLUGIN label=$PA_LADSPA_LABEL control=$PA_LADSPA_CONTROLS" # Transfer current sink mute/volume to LADSPA sink echo "Transferring current mute ($PA_CURRENT_MUTE) & volume ($PA_CURRENT_VOLUME%) to LADSPA sink ($PA_LADSPA_SINK)..." echo >>/tmp/eqcommands.sh "set-sink-volume $PA_LADSPA_SINK $PA_REAL_VOLUME" echo >>/tmp/eqcommands.sh "set-sink-mute $PA_LADSPA_SINK $PA_CURRENT_MUTE" # Unmute & set preamp level on ALSA sink (as LADSPA sink will act as primary volume control) echo "Setting ALSA sink ($PA_MASTER_SINK) preamp ("$PA_PREAMP"x)..." #echo >>/tmp/eqcommands.sh "set-sink-volume $PA_MASTER_SINK $PA_REAL_PREAMP" echo >>/tmp/eqcommands.sh "set-sink-mute $PA_MASTER_SINK 0" # Set the LADSPA sink as the default echo "Setting LADSPA sink ($PA_LADSPA_SINK) as default sink..." 
echo >>/tmp/eqcommands.sh "set-default-sink $PA_LADSPA_SINK" # Move currently active client sinks to LADSPA sink echo "Moving active PulseAudio clients to LADSPA sink ($PA_LADSPA_SINK)..." echo >>/tmp/eqcommands.sh "$(pacmd "list-sink-inputs" | grep 'index: ' | sed 's/ index: /move-sink-input /g' | sed "s/$/ $PA_LADSPA_SINK/g")" # Execute all queued commands (for potential speed benefit)... pacmd /dev/null fi if [ "$1" = "" -o "$1" = "-h" -o "$1" = "--help" ]; then echo -e "Usage: $SCRIPT_NAME [option]" echo -e "WARNING: This is for internal use by the pulseaudio-equalizer-gtk interface." |