[LAD] jack daemon scripts

[Arnold Krille]

While I understand the fun of running jackd as root as a system service...

On Monday 08 March 2010 03:06:08 torbenh wrote:
> otoh there are probably enough other local root exploits, so i guess
> this doesnt really matter. and a system where normal untrusted users
> get handed RT privileges is doomed anyways :)

There is more at stake here: There are these nice network things in jack, so 
this makes your "local root exploit" (which is bad enough in its own) a 
"network root exploit". If your alarm bells aren't ringing here, you probably 
run your machine without any connection to the outside world (no network, usb, 
floppy, cdrom/dvd)...

> so basically as long as you trust your users to the point that they dont
> want to hack into the system, its probably ok.

What about running jackd as user "nobody" and allowing all in the audio group 
to connect?
Trusting "everybody" can go wrong way to fast to even think about it.

Oh, please, please don't ever mention running jackd as root again. Yes, it 
might "fix" some problems. But finding these "fixes" in the archives leads to 
many innocent googling starters to the dark side of the audio force.

Arnold
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.linuxaudio.org/pipermail/linux-audio-dev/attachments/20100308/052a92fc/attachment.pgp>