how is pulseaudio supposed to work?

Nicolas Mailhot nicolas.mailhot at laposte.net
Wed Dec 19 15:44:41 UTC 2007


Le Mer 19 décembre 2007 16:02, Lennart Poettering a écrit :
> On Wed, 19.12.07 09:18, Simo Sorce (ssorce at redhat.com) wrote:
>
>> > If you want to open up dmix to multiple users at the same time you
>> > need to change it to 0666 or so, which is a security hole and
>> needs
>> > some non-trivial reconfiguration.
>>
>> Only if you have a mic, common on laptops, uncommon on desktops
>> (just my
>> 2c)
>
> Hmm? What does dmix have to do with microphones?

You raised the security argument. Mere mortals like Simo only see
actual potential security problems with microphones. (running a wide
open dmix is a small security problem but no one here is asking to mix
the active desktop session beeps with the background music started out
of this  session)

Note that:
- being able to cut audio resources from other applications just by
logging in is a DoS in security-speak.
- if you can log in a system there are many more attack vectors than
audio devices (let alone that most of the time people will have also
physical access so they can leave a small recorder next to the
computer)
- pushing many users to hack manually around rigid security rules that
forbid common use-cases has not been known to improve security
overall.

-- 
Nicolas Mailhot




More information about the devel mailing list