8 Mar
2010
8 Mar
'10
8:08 a.m.
On Mon, Mar 08, 2010 at 11:43:53AM +0100, Arnold Krille wrote:
While I understand the fun of running jackd as root as
a system service...
i am actually not talking about jackd running as root.
but any user who has access to it, can shoot it down.
On Monday 08 March 2010 03:06:08 torbenh wrote:
what network things ?
do you mean netjack ?
thats a pretty different piece of cake.
otoh there are probably enough other local root
exploits, so i guess
this doesnt really matter. and a system where normal untrusted users
get handed RT privileges is doomed anyways :)
There is more at stake here: There are these nice network things in jack, so
this makes your "local root exploit" (which is bad enough in its own) a
"network root exploit". If your alarm bells aren't ringing here, you
probably run your machine without any connection to the outside
world (no network, usb,
floppy, cdrom/dvd)...
i am not talking about running jackd as root.
(thats not the idea of PROMISCUOUS patch anyways)
so basically as long as you trust your users to
the point that they dont
want to hack into the system, its probably ok.
What about running jackd as user "nobody" and allowing all in the audio group
to connect?
Trusting "everybody" can go wrong way to fast to even think about it.
Oh, please, please don't ever mention running jackd as root again. Yes, it
might "fix" some problems. But finding these "fixes" in the archives
leads to
many innocent googling starters to the dark side of the audio force. _______________________________________________
Linux-audio-dev mailing list
Linux-audio-dev(a)lists.linuxaudio.org
http://lists.linuxaudio.org/listinfo/linux-audio-dev
--
torben Hohn