diff options
author | Lennart Poettering <lennart@poettering.net> | 2010-01-13 22:08:59 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2010-01-13 22:08:59 +0100 |
commit | 3d6cc026e25ea3015ea989273ba69336a26ab686 (patch) | |
tree | 6828226fa64178b58a9a0f6e5645b5d3234184f9 | |
parent | 4b1679e06d3b4ed98ed8e934db8c0fe99877a56c (diff) |
client: introduce auto-connect-localhost= option in client.conf
Partly fixes:
http://pulseaudio.org/ticket/773
Also fixes a security hole since listening on the default port is not
access controlled right now.
-rw-r--r-- | man/pulse-client.conf.5.xml.in | 10 | ||||
-rw-r--r-- | src/pulse/client-conf.c | 4 | ||||
-rw-r--r-- | src/pulse/client-conf.h | 2 | ||||
-rw-r--r-- | src/pulse/client.conf.in | 2 | ||||
-rw-r--r-- | src/pulse/context.c | 6 |
5 files changed, 20 insertions, 4 deletions
diff --git a/man/pulse-client.conf.5.xml.in b/man/pulse-client.conf.5.xml.in index 46cc8450..349b5159 100644 --- a/man/pulse-client.conf.5.xml.in +++ b/man/pulse-client.conf.5.xml.in @@ -106,6 +106,16 @@ USA. memory overcommit.</p> </option> + <option> + <p><opt>auto-connect-localhost=</opt> Automatically try to + connect to localhost via IP. Enabling this is a potential + security hole since connections are only authenticated one-way + and a rogue server might hence fool a client into sending it its + private (e.g. VoIP call) data. This was enabled by default on + PulseAudio version 0.9.21 and older. Defaults to + <opt>no</opt>.</p> + </option> + </section> <section name="Authors"> diff --git a/src/pulse/client-conf.c b/src/pulse/client-conf.c index 3eaca4d9..6c97802b 100644 --- a/src/pulse/client-conf.c +++ b/src/pulse/client-conf.c @@ -62,7 +62,8 @@ static const pa_client_conf default_conf = { .disable_shm = FALSE, .cookie_file = NULL, .cookie_valid = FALSE, - .shm_size = 0 + .shm_size = 0, + .auto_connect_localhost = FALSE }; pa_client_conf *pa_client_conf_new(void) { @@ -105,6 +106,7 @@ int pa_client_conf_load(pa_client_conf *c, const char *filename) { { "disable-shm", pa_config_parse_bool, &c->disable_shm, NULL }, { "enable-shm", pa_config_parse_not_bool, &c->disable_shm, NULL }, { "shm-size-bytes", pa_config_parse_size, &c->shm_size, NULL }, + { "auto-connect-localhost", pa_config_parse_bool, &c->auto_connect_localhost, NULL }, { NULL, NULL, NULL, NULL }, }; diff --git a/src/pulse/client-conf.h b/src/pulse/client-conf.h index 618216f4..3bca8fdd 100644 --- a/src/pulse/client-conf.h +++ b/src/pulse/client-conf.h @@ -29,7 +29,7 @@ typedef struct pa_client_conf { char *daemon_binary, *extra_arguments, *default_sink, *default_source, *default_server, *default_dbus_server, *cookie_file; - pa_bool_t autospawn, disable_shm; + pa_bool_t autospawn, disable_shm, auto_connect_localhost; uint8_t cookie[PA_NATIVE_COOKIE_LENGTH]; pa_bool_t cookie_valid; /* non-zero, when cookie is valid */ size_t shm_size; diff --git a/src/pulse/client.conf.in b/src/pulse/client.conf.in index e03096e0..090713ec 100644 --- a/src/pulse/client.conf.in +++ b/src/pulse/client.conf.in @@ -32,3 +32,5 @@ ; enable-shm = yes ; shm-size-bytes = 0 # setting this 0 will use the system-default, usually 64 MiB + +; auto-connect-localhost = no diff --git a/src/pulse/context.c b/src/pulse/context.c index 00184920..85b90ac7 100644 --- a/src/pulse/context.c +++ b/src/pulse/context.c @@ -997,8 +997,10 @@ int pa_context_connect( } /* Add TCP/IP on the localhost */ - c->server_list = pa_strlist_prepend(c->server_list, "tcp6:[::1]"); - c->server_list = pa_strlist_prepend(c->server_list, "tcp4:127.0.0.1"); + if (c->conf->auto_connect_localhost) { + c->server_list = pa_strlist_prepend(c->server_list, "tcp6:[::1]"); + c->server_list = pa_strlist_prepend(c->server_list, "tcp4:127.0.0.1"); + } /* The system wide instance via PF_LOCAL */ c->server_list = pa_strlist_prepend(c->server_list, PA_SYSTEM_RUNTIME_PATH PA_PATH_SEP PA_NATIVE_DEFAULT_UNIX_SOCKET); |