While I understand the fun of running jackd as root as a system service...
On Monday 08 March 2010 03:06:08 torbenh wrote:
> otoh there are probably enough other local root exploits, so i guess
> this doesnt really matter. and a system where normal untrusted users
> get handed RT privileges is doomed anyways :)
There is more at stake here: There are these nice network things in jack, so
this makes your "local root exploit" (which is bad enough in its own) a
"network root exploit". If your alarm bells aren't ringing here, you probably
run your machine without any connection to the outside world (no network, usb,
floppy, cdrom/dvd)...
> so basically as long as you trust your users to the point that they dont
> want to hack into the system, its probably ok.
What about running jackd as user "nobody" and allowing all in the audio group
to connect?
Trusting "everybody" can go wrong way to fast to even think about it.
Oh, please, please don't ever mention running jackd as root again. Yes, it
might "fix" some problems. But finding these "fixes" in the archives leads to
many innocent googling starters to the dark side of the audio force.
Arnold
_______________________________________________
Linux-audio-dev mailing list
Linux-audio-dev@email-addr-hidden
http://lists.linuxaudio.org/listinfo/linux-audio-dev
This archive was generated by hypermail 2.1.8 : Mon Mar 08 2010 - 16:15:02 EET