8 Mar
2010
8 Mar
'10
6:44 a.m.
While I understand the fun of running jackd as root as a system service...
On Monday 08 March 2010 03:06:08 torbenh wrote:
otoh there are probably enough other local root
exploits, so i guess
this doesnt really matter. and a system where normal untrusted users
get handed RT privileges is doomed anyways :)
There is more at stake here: There are these nice network things in jack, so
this makes your "local root exploit" (which is bad enough in its own) a
"network root exploit". If your alarm bells aren't ringing here, you
probably
run your machine without any connection to the outside world (no network, usb,
floppy, cdrom/dvd)...
so basically as long as you trust your users to the
point that they dont
want to hack into the system, its probably ok.
What about running jackd as user "nobody" and allowing all in the audio group
to connect?
Trusting "everybody" can go wrong way to fast to even think about it.
Oh, please, please don't ever mention running jackd as root again. Yes, it
might "fix" some problems. But finding these "fixes" in the archives
leads to
many innocent googling starters to the dark side of the audio force.
Arnold