Re: [linux-audio-user] Just a little question

From: st <st@email-addr-hidden>
Date: Thu Sep 07 2006 - 00:55:48 EEST

Folderol wrote:
> I'm still a bit confused about some aspects of setting up a machine
> for decent audio work.
>
> Does having RT kernel have any negative aspects when the computer is
> used for general office work?

As I remember, the real-time patches are recommended for a snappy
desktop, while it is less appropriate for servers. When an audio
app is killing the CPU however, the real-time patch can make the desktop
very unresponsive indeed.

>
> Am I right in thinking there are issues with some things (jack) working
> with root privileges that might have security implications?
>
> OK I know that's more than one question :)
>

>From Jack Faq:

The simplest, and least-secure way to provide real-time privileges is running jackd as root. This has the disadvantage of also requiring all of JACK clients to run as root. Real-time scheduling is inherently dangerous; a badly or maliciously coded application can hang the system. Worse, running as root gives an intruder too many opportunities to damage or co-opt the entire system by attacking the JACK server or its clients. Systems connected to the Internet would be well-advised to avoid this approach. There are safer ways to gain the needed privileges, the exact method depends on which Operating System you run.

For Linux 2.6, the Realtime Linux Security Module provides a relatively easy way for non-root users to gain real-time privileges. Some audio-oriented distributions include this module as a separate binary package or with the kernel image. Otherwise, you will need to download the realtime-lsm source and build it yourself.
Received on Thu Sep 7 04:15:02 2006

This archive was generated by hypermail 2.1.8 : Thu Sep 07 2006 - 04:15:02 EEST