[LAD] jack1 unsafe with accidentally (?) internal exported functions

Tito Latini tito.01beta at gmail.com
Mon Mar 16 22:29:10 UTC 2015

On Mon, Mar 16, 2015 at 01:22:56PM -0500, Paul Davis wrote:
> Although their export is a mistake, I really don't see this as of any
> particular importance.
> JACK is almost always a per-user system. JACK also allows clients to
> scribble all over each other ports. The fact that someone can write an
> application which does this is really not much of an issue compared to that.

live coding over net is trendy and there are tools linked to libjack,
often with the possibility to call foreign functions. In this context,
an user without particular privileges could cause a crash to the root.

Regardless, to complete the report, the hidden functions are:

cleanup_mlock                        default_jack_error_callback
default_jack_info_callback           jack_attach_port_segment
jack_attach_shm                      jack_call_sync_client
jack_call_timebase_master            jack_cleanup_shm
jack_client_alloc                    jack_client_alloc_internal
jack_client_deliver_request          jack_client_fix_port_buffers
jack_client_handle_latency_callback  jack_client_handle_port_connection
jack_client_handle_session_callback  jack_client_open_aux
jack_clock_source_name               jack_default_server_name
jack_destroy_shm                     jack_event_type_name
jack_generate_unique_id              jack_get_all_descriptions
jack_get_description                 jack_get_free_shm_info
jack_get_mhz                         jack_get_microseconds_from_cycles
jack_get_microseconds_from_system    jack_get_port_functions
jack_get_process_done_fd             jack_hpet_init
jack_init_time                       jack_initialize_shm
jack_internal_client_load_aux        jack_messagebuffer_add
jack_messagebuffer_exit              jack_messagebuffer_init
jack_messagebuffer_thread_init       jack_midi_internal_event_size
jack_pool_alloc                      jack_pool_release
jack_port_by_id_int                  jack_port_by_name_int
jack_port_name_equals                jack_port_new
jack_port_type_buffer_size           jack_register_server
jack_release_shm                     jack_release_shm_info
jack_resize_shm                      jack_server_dir
jack_set_clock_source                jack_shmalloc
jack_start_freewheel                 jack_stop_freewheel
jack_transport_copy_position         jack_unregister_server
jack_user_dir                        silent_jack_error_callback

(obtained with the follow imperfect script, useful to discover
exported internal functions also in other non-stripped libraries)

# Discover JACK's hidden functions.
# example:
# ./jack_hidden_functions /usr/lib64/libjack.so /usr/include/jack/*

        local fname="$1"
        sed -n '/[^A-Za-z0-9_]*'"${fname}"'[^A-Za-z0-9_]/{\_^[ \t]*/\?\*_d;\_^[ \t]*//_d;p}' "$@"

        while read lib; do
                [ -z "$(find_headers ${lib} "$@" | head -1)" ] && echo "${lib}"

        if [ ! -f "$1" -o ! -f "$2" ]; then
                echo "Usage: $(basename $0) <libfile> <hfile> [hfile...]"
                exit 2

        local libpath="$1"
        nm "${libpath}" | awk '$2 == "T" {print $3}' | globl_without_header "$@"

main "$@"

More information about the Linux-audio-dev mailing list