On Mon, Mar 08, 2010 at 11:43:53AM +0100, Arnold Krille wrote:
> While I understand the fun of running jackd as root as a system service...
i am actually not talking about jackd running as root.
but any user who has access to it, can shoot it down.
>
> On Monday 08 March 2010 03:06:08 torbenh wrote:
> > otoh there are probably enough other local root exploits, so i guess
> > this doesnt really matter. and a system where normal untrusted users
> > get handed RT privileges is doomed anyways :)
>
> There is more at stake here: There are these nice network things in jack, so
> this makes your "local root exploit" (which is bad enough in its own) a
> "network root exploit". If your alarm bells aren't ringing here, you probably
what network things ?
do you mean netjack ?
thats a pretty different piece of cake.
> run your machine without any connection to the outside world (no network, usb,
> floppy, cdrom/dvd)...
>
> > so basically as long as you trust your users to the point that they dont
> > want to hack into the system, its probably ok.
>
> What about running jackd as user "nobody" and allowing all in the audio group
> to connect?
> Trusting "everybody" can go wrong way to fast to even think about it.
>
> Oh, please, please don't ever mention running jackd as root again. Yes, it
> might "fix" some problems. But finding these "fixes" in the archives leads to
> many innocent googling starters to the dark side of the audio force.
i am not talking about running jackd as root.
(thats not the idea of PROMISCUOUS patch anyways)
> _______________________________________________
> Linux-audio-dev mailing list
> Linux-audio-dev@email-addr-hidden
> http://lists.linuxaudio.org/listinfo/linux-audio-dev
-- torben Hohn _______________________________________________ Linux-audio-dev mailing list Linux-audio-dev@email-addr-hidden http://lists.linuxaudio.org/listinfo/linux-audio-devReceived on Mon Mar 8 16:15:03 2010
This archive was generated by hypermail 2.1.8 : Mon Mar 08 2010 - 16:15:03 EET