Re: [linux-audio-user] Jackd and FIFO


Subject: Re: [linux-audio-user] Jackd and FIFO
From: Fernando Pablo Lopez-Lezcano (nando@ccrma.Stanford.EDU)
Date: Thu Jan 30 2003 - 23:21:24 EET


> > jackstart - requires the kernel be patched for 'capabilities', whatever that
> > is.
>
> I don't seem to have that command.

It is included in the jack tarball (but I would use current CVS).

> I do have jackd though. If I try to run jackd -R I get permission
> errors. I assume that is the problem?

Yep.

> Is it not possible to run jackd as root, but run your application as a
> user?

As Mark pointed out in a separate email, it is not possible.

The "capabilities" patch is a 2 line kernel patch that starts init with
a full set of capabilities (including CAP_SETPCAP, the ability to set
capabilities on other processes). Capabilities are permissions to use
certain calls or features of the kernel normally restricted to root
only. For example, one of those "capabilities" is the ability of a
process to change its own scheduler to SCHED_FIFO(*), or change other
processes' scheduler to SCHED_FIFO, something we need for reliable low
latency sound i/o. An application of this is the jackstart program.
Jackstart(**) is a small program that has to run suid root that grants
jackd the capabilities that it needs to both go SCHED_FIFO itself and
grant its clients the capabilities to go SCHED_FIFO (and a couple of
other needed capabilities as well).

Why is this patch not widely included in production kernels? There's a
catch :-) The catch is that it becomes possible for a user level program
to access the SCHED_FIFO scheduler ring (_necessary_ for reliable low
latency sound). Which means a user program can lock the machine (by
entering into an infinite loop while executing with SCHED_FIFO) and
create a DoS vulnerability.

Obviously the alternatives are even worse (unreliable low latency
operation, or running everything as root).

-- Fernando

See also:
http://ftp.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/capfaq-0.2.txt

(*) see man sched_setscheduler for what this all means
(**) I wrote jackstart, it is based on code and concepts found in
sucap.c, written by Finn Arne Gangstad <finnag@guardian.no> and
givertcap.c, written by Tommi Ilmonen, Tommi.Ilmonen@hut.fi. Givertcap
is also included in the standard distribution of muse.



This archive was generated by hypermail 2b28 : Thu Jan 30 2003 - 23:25:44 EET