
Bug#289797: marked as done (jackd: jackstart setuid root?)



Your message dated Fri, 22 Jun 2007 22:17:06 +0000
with message-id <E1I1rRC-0000qw-6o@ries.debian.org>
and subject line Bug#269661: fixed in jack-audio-connection-kit 0.103.0-6
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: jackd
Version: 0.99.0-2
Severity: wishlist


While I understand that some audio binaries might need to be setgid
audio or something, is there any reason why this binary should be setuid
root? 

-snip-
tim@localhost:~> ls -la /usr/bin/jackstart 
-rwsr-xr--  1 root audio 12704 Nov  2 16:03 /usr/bin/jackstart
-/snip-

Since I can't expunge this package from my system very easily due to the
ugly dependency chain currently in place (yes I read your explanation in
the other bugs, probably not libjack's fault), it is a bit disturbing
that it comes with a setuid root binary that probably doesn't have good
input sanity checking...

This is just total speculation, but if the jackd binary gives me pretty
messages like this:

-snip-
tim@feynman:~> jackd -d dummy -r-1 -p-1 -C-1 -P-1 -w-1
jackd 0.99.0
Copyright 2001-2003 Paul Davis and others.
jackd comes with ABSOLUTELY NO WARRANTY
This is free software, and you are welcome to redistribute it
under certain conditions; see the file COPYING for details

loading driver ..
creating dummy driver ... dummy_pcm|4294967295|4294967295|4294967295|4294967295|4294967295
cannot create shm segment /jck-[32 bit float mono audio] (Invalid argument)
cannot create new port segment of -512 bytes, name = /jck-[32 bit float
mono audio] (Invalid argument)
all 32 bit float mono audio port buffers in use!
cannot assign buffer for port
DUMMY: cannot register port for capture_1
no ports available!
DUMMY: cannot register port for playback_128
jack main caught signal 2
received signal 2 during shutdown (ignored)
-/snip-


When I give it these nasty input parameters, I don't very well trust a
startup script running as root to filter options as they come down.
Perhaps I am just paranoid though...

Do you think we can nuke that nasty bit?
Thanks,
tim


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.9
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages jackd depends on:
ii  libc6                       2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  libcap1                     1:1.10-14    support for getting/setting POSIX.
ii  libjack0.80.0-0             0.99.0-2     JACK Audio Connection Kit (librari
ii  libreadline4                4.3-15       GNU readline and history libraries
ii  libsndfile1                 1.0.10-2     Library for reading/writing audio 

-- no debconf information


--- End Message ---
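
The 4294967295 values in the output quoted in the report are what -1 becomes when it is stored in a 32-bit unsigned integer. The following is an added example, not jackd's code and not part of the report: it contrasts an unchecked numeric conversion with a strict one that a privileged launcher could apply before acting on its options. The function names, the sample values and the 1..192000 bound are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Lenient: strtol() result stored in an unsigned int with no checks.
 * "-1" silently becomes UINT_MAX (4294967295 with 32-bit unsigned int). */
static unsigned int parse_lenient(const char *s)
{
    return (unsigned int)strtol(s, NULL, 10);
}

/* Strict: decimal digits only, whole string consumed, value within
 * [min, max]. Returns 0 and stores the value on success, -1 otherwise.
 * The leading-digit test matters: strtoul() itself accepts "-1". */
static int parse_strict(const char *s, unsigned long min, unsigned long max,
                        unsigned long *out)
{
    char *end;
    unsigned long v;

    if (s == NULL || *s < '0' || *s > '9')
        return -1;                      /* "", "-1", "+1", " 1" */
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;                      /* overflow or trailing junk */
    if (v < min || v > max)
        return -1;                      /* outside the allowed range */
    *out = v;
    return 0;
}

int main(void)
{
    /* Constructed sample option values; the 1..192000 bound is hypothetical. */
    const char *samples[] = { "-1", "48000", "1024x", "0",
                              "99999999999999999999" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned long v = 0;
        int rc = parse_strict(samples[i], 1, 192000, &v);
        printf("%-22s lenient=%-10u strict=%s\n", samples[i],
               parse_lenient(samples[i]), rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```
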
--- Begin Message ---
Source: jack-audio-connection-kit
Source-Version: 0.103.0-6

We believe that the bug you reported is fixed in the latest version of
jack-audio-connection-kit, which is due to be installed in the Debian FTP archive:

jack-audio-connection-kit_0.103.0-6.diff.gz
  to pool/main/j/jack-audio-connection-kit/jack-audio-connection-kit_0.103.0-6.diff.gz
jack-audio-connection-kit_0.103.0-6.dsc
  to pool/main/j/jack-audio-connection-kit/jack-audio-connection-kit_0.103.0-6.dsc
jackd_0.103.0-6_amd64.deb
  to pool/main/j/jack-audio-connection-kit/jackd_0.103.0-6_amd64.deb
libjack-dev_0.103.0-6_amd64.deb
  to pool/main/j/jack-audio-connection-kit/libjack-dev_0.103.0-6_amd64.deb
libjack0.100.0-0_0.103.0-6_all.deb
  to pool/main/j/jack-audio-connection-kit/libjack0.100.0-0_0.103.0-6_all.deb
libjack0.100.0-dev_0.103.0-6_all.deb
  to pool/main/j/jack-audio-connection-kit/libjack0.100.0-dev_0.103.0-6_all.deb
libjack0_0.103.0-6_amd64.deb
  to pool/main/j/jack-audio-connection-kit/libjack0_0.103.0-6_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 269661@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Free Ekanayaka <freee@debian.org> (supplier of updated jack-audio-connection-kit package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 28 May 2007 14:13:09 +0200
Source: jack-audio-connection-kit
Binary: libjack0 libjack0.100.0-dev libjack-dev libjack0.100.0-0 jackd
Architecture: source amd64 all
Version: 0.103.0-6
Distribution: unstable
Urgency: low
Maintainer: Debian Multimedia Team <debian-multimedia@lists.debian.org>
Changed-By: Free Ekanayaka <freee@debian.org>
Description: 
 jackd      - JACK Audio Connection Kit (server and example clients)
 libjack-dev - JACK Audio Connection Kit (development files)
 libjack0   - JACK Audio Connection Kit (libraries)
 libjack0.100.0-0 - JACK Audio Connection Kit (libraries)
 libjack0.100.0-dev - JACK Audio Connection Kit (libraries)
Closes: 269661 425180 425265 426144
Changes: 
 jack-audio-connection-kit (0.103.0-6) unstable; urgency=low
 .
   * debian/jackd.README.Debian:
      - added note about using PAM to jack grant realtime
        privileges (Closes: #425180, #269661)
      - added note about using the realtime-preempt patch
   * debian/control:
      - added libpam-modules to Recommends:
      - moved qjackctl from Suggests: to Recommends:
   * debian/rules:
      - pass --enable-static=yes to ./configure (Closes: #425265)
      - don't enable -m3dnow and -msse on i386 (Closes: #426144)
   * rebuilt against flac 1.1.4 (Closes :#426648)
Files: 
 6a9eb8f2f09f606685eeba5e37bcc075 1527 sound optional jack-audio-connection-kit_0.103.0-6.dsc
 2c0387419a2bccf6d14be31209346645 28512 sound optional jack-audio-connection-kit_0.103.0-6.diff.gz
 ff73d4aa763080c1bc8c781f0f9793d7 12614 libs optional libjack0.100.0-0_0.103.0-6_all.deb
 ba3e504362553baad865801bdb25db45 12622 libs optional libjack0.100.0-dev_0.103.0-6_all.deb
 da94caf1e53a2ef2ae2ffb70b613ab97 101036 sound optional jackd_0.103.0-6_amd64.deb
 5db5bf156bebd3727ccceb309d546f1a 95374 libs optional libjack0_0.103.0-6_amd64.deb
 299b594e073dfb15598a3f64037d541a 170070 libdevel optional libjack-dev_0.103.0-6_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGfEescanJGlcVnlkRAuUHAJ0eYinKdXH8O8rNJqOqNFEgavFMrwCdEvKB
BkCbKfvn6mXK7NhmSeCLbMw=
=6AsW
-----END PGP SIGNATURE-----


--- End Message ---
