[LAD] jack daemon scripts

[torbenh]

On Mon, Mar 08, 2010 at 11:43:53AM +0100, Arnold Krille wrote:
> While I understand the fun of running jackd as root as a system service...

i am actually not talking about jackd running as root.
but any user who has access to it, can shoot it down. 

> 
> On Monday 08 March 2010 03:06:08 torbenh wrote:
> > otoh there are probably enough other local root exploits, so i guess
> > this doesnt really matter. and a system where normal untrusted users
> > get handed RT privileges is doomed anyways :)
> 
> There is more at stake here: There are these nice network things in jack, so 
> this makes your "local root exploit" (which is bad enough in its own) a 
> "network root exploit". If your alarm bells aren't ringing here, you probably 

what network things ?
do you mean netjack ? 
thats a pretty different piece of cake. 


> run your machine without any connection to the outside world (no network, usb, 
> floppy, cdrom/dvd)...
> 
> > so basically as long as you trust your users to the point that they dont
> > want to hack into the system, its probably ok.
> 
> What about running jackd as user "nobody" and allowing all in the audio group 
> to connect?
> Trusting "everybody" can go wrong way to fast to even think about it.
> 
> Oh, please, please don't ever mention running jackd as root again. Yes, it 
> might "fix" some problems. But finding these "fixes" in the archives leads to 
> many innocent googling starters to the dark side of the audio force.

i am not talking about running jackd as root.
(thats not the idea of PROMISCUOUS patch anyways)




> _______________________________________________
> Linux-audio-dev mailing list
> Linux-audio-dev at lists.linuxaudio.org
> http://lists.linuxaudio.org/listinfo/linux-audio-dev


-- 
torben Hohn