On Tue, 23.09.08 00:35, Gregory Maxwell (gmaxwell(a)gmail.com) wrote:
>> 5.) While I paplay, I try to go Ctrl-Alt-F1. While I'm
not prevented
>> from doing so, paplay believes it should pause playing while I'm away
>> from the gui tty. Now, who's the genius that figured out this
>> "feature?"
>
> I did. And it actually is a feature. It fixes a long standing security
> issue.
[snip]
I'm missing how write access (as opposed to read/recording) to an
audio device creates a material security vulnerability. It seems that
the majority of the complaints are that playback stops and that it
surprises the user. Recording stopping may also be surprising, but
it's easy to explain the security argument there.
It's true that being able to eavesdrop in your record streams is a
bigger security hole than just eavesdropping what you play. Nonethless
it's still a hole: they'd still be able to listen to one direction of
your voip call, and they'd still be able to play a fake stream that
you might then end up trusting.
We already had this discussion here twice or more times. I do believe
the right way is to suspend audio when we switch sessions by
default. I also acknowledge that it is valid for users to put security
second and have audio continue to play. In fact and as I already
mentioned, I have this on my TODO list, but way down.
I am always happy to take patches BTW. If this feature is important to
you the best thing to make it happen is actually write the code
yourself!
Lennart
--
Lennart Poettering Red Hat, Inc.
lennart [at] poettering [dot] net ICQ# 11060553
http://0pointer.net/lennart/ GnuPG 0x1A015CC4