Re: [linux-audio-dev] {draft} setgid problems with GTK for realtime audio (long)

New Message Reply About this list Date view Thread view Subject view Author view Other groups

Subject: Re: [linux-audio-dev] {draft} setgid problems with GTK for realtime audio (long)
From: Paul Davis (paul_AT_linuxaudiosystems.com)
Date: Fri Dec 12 2003 - 21:24:49 EET


>On Fri, Dec 12, 2003 at 10:56:17AM -0600, Jack O'Quin wrote:
>> If refusing to run with any privileges is their goal, then they have
>> failed completely. We do it all the time right now using JACK
>> capabilities, which bypasses their checks entirely, or by running as
>> root with `sudo' or `su'.
>>
>> This is the heart of their problem. GTK *cannot tell* when it is
>> running at elevated priviledge levels. It does not detect privilege
>> levels at all, but merely disallows two of the 17 possible ways of
>> gaining privilege. By disallowing the mechanism but not the privilege
>> their action becomes counter-productive, forcing people to use cruder
>> mechanisms than would otherwise be necessary to acquire the privileges
>> they need.
>
>Those might be lightened a bit, but they might go well into your letter.

indeed, because these are the core of the issue.

whether or not we should write our RT audio apps as two processes
connected by a pipe/socket - thats a long philosophical argument on
which reasonable people can agree to differ and may even take
different positions according to the details of a given situation.

whether or not (a) the current check prevents GTK+ code from running with
elevated priviledges, and (b) whether it interferes with more "graceful"
techniques for gaining such priviledge: these are simply matters of
fact: (a) it does not, and (b) it does.

i would shorten down the letter and focus on this issue.

--p


New Message Reply About this list Date view Thread view Subject view Author view Other groups

This archive was generated by hypermail 2b28 : Fri Dec 12 2003 - 21:22:10 EET