Re: [linux-audio-user] running jack as non-root?


Subject: Re: [linux-audio-user] running jack as non-root?
From: Hasse Hagen Johansen (hhj_AT_musikcheck.dk)
Date: Sat Feb 28 2004 - 16:50:12 EET


>>>>> "Jack" == Jack O'Quin <joq_AT_io.com> writes:

    Arnold> Apart from other "official" solutions I did set the suid
    Arnold> flag on all the binaries I need and changed the group to
    Arnold> audio (and let others not execute the bins)...
>>
    Arnold> That way I can have excellent latency times while still
    Arnold> being my normal user.
>> I actually thought of that earlier. It is possibly one of the
>> easiest solutions.

    Jack> Maybe the easiest, but probably also the least secure.

Yes. I know :-)

>> From a security perspective it is better to login as root than
>> to use
    Jack> setuid. Then at least, the person running untrusted code
    Jack> with super-powers has to know the root password. His
    Jack> judgement may be in question, but his authority is not. :-)

>> I just started the thread to hear about how people did get
>> realtime CAp as a normal user.....I think it actually makes
>> sense to make an audio group...could also set the permissions on
>> the audio devices etc.

    Jack> The `audio' group is a good idea, and has standard support
    Jack> in both Gentoo and Debian. I'm not sure about other
    Jack> distributions, but it is easy to add this group yourself if
    Jack> it's not already defined.

    Jack> Sadly, Linux development remains quite disorganized when it
    Jack> comes to realtime privileges. I wish there were a simple
    Jack> answer to your question.

    Jack> My feeling is that the best available approach is granting
    Jack> realtime privileges based on membership in this group. With
    Jack> 2.4 kernels that requires a kernel patch. Several have been
    Jack> posted in the past, but AFAIK none are actively maintained.

    Jack> For 2.6 kernels, there is a dynamically-installable Linux
    Jack> Security Module[1] originally written by Torben Hohn, later
    Jack> modified and packaged by me. Although still experimental, I
    Jack> support it and intend to make it an official project. It
    Jack> does not require any kernel patches, but you do need kernel
    Jack> sources to build it. This LSM grants realtime privileges
    Jack> based on several user-controlled options[2].

    Jack> [1] http://www.joq.us/realtime [2]
    Jack> http://www.joq.us/realtime/README

    Jack> The option I recommend and use is `gid=29', which grants
    Jack> realtime privileges to any process belonging to the Debian
    Jack> `audio' group. Adding a user ID to this group grants access
    Jack> to both the audio device and to the necessary realtime
    Jack> privileges. -- joq

Hmm. There is some discussion if the LSM is actually very secure. That's
why RSBAC is not using/is implemented as an LSM, but of course there
are always discussions... and I cannot use 2.6.x kernels right now
because of some Promise RAID drivers (Yeah, that was the wrong choice,
should have used Linux md instead)

I was actually thinking about if I could use EA/ACL and/or RSBAC or
grsecurity, for granting specific users running specific executables
the Realtime capability.

/Hasse
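
An added example, not part of the original message or written by anyone in the thread: a small audit of the setuid layout discussed above, listing every setuid file under a directory and whether users outside the owning group can execute it. The function name `audit_suid` and its output labels are assumptions made for this sketch; gid 29 is the Debian `audio` group quoted in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread.
# audit_suid DIR [GROUP] prints one line per setuid regular file under DIR:
#   restricted <path>   "other" has no execute bit (e.g. mode 4750)
#   world-exec <path>   any local user can run it with the owner's privileges
# GROUP (a name or numeric gid, e.g. 29 for the Debian audio group quoted in
# the thread) is optional and limits the report to files owned by that group.
audit_suid() {
    dir=$1
    grp=${2:-}
    # Reuse the positional parameters as an optional "-group GROUP" filter.
    if [ -n "$grp" ]; then set -- -group "$grp"; else set --; fi
    # -perm -4000 matches files with the setuid bit set;
    # -perm -0001 matches files that "other" may execute.
    find "$dir" -type f -perm -4000 "$@" ! -perm -0001 -print |
        sed 's/^/restricted /'
    find "$dir" -type f -perm -4000 "$@" -perm -0001 -print |
        sed 's/^/world-exec /'
}
```

Running `audit_suid /usr/local/bin 29` on a Debian system would report only setuid files owned by the `audio` group; every line it prints is a program that runs with its owner's privileges no matter who starts it.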



This archive was generated by hypermail 2b28 : Sat Feb 28 2004 - 16:47:39 EET