If I had to venture a guess it was probably more that
some 'intentionally
bad' application could be written to take advantage of a machine that had a
kernel patched for capabilities, and not specifically that jackstart itself
was a problem. I would suspect that a number of developers would not be
particularly concerned with this, but I'll make the observation that I
quickly counted more than 40 Jack applications on the web site this morning.
What percentage of those have actually been tested using a capabilities
based kernel, and what assurance does a user like me have that one of them
doesn't do an rm / intentionally or by mistake?
I think the only risk (that I know off) would be an application that
hangs the machine because there is an infinite loop or lockup in the
audio thread (which is the one that runs with SCHED_FIFO - realtime
schedulling). The capabilities granted by jackstart to jackd (thus to
the jack clients) do not allow the process access to arbitrary files.
Obviously that can happen if you are just running applications as root
and not using capabilities at all (all bets are off if you run as root).
Jack has a watchdog timer that supposedly would kill apps that do that.
It does not always work. When I was having problems with deadlocks in
2.4.20 (traced by Andrew Morton to a bug in the ext3 code) the internal
Jack watchdog process did not kill jack or the offending process. I used
another program (rt_monitor) to do that, and it was pretty effective in
reviving the machine after each lockup.
As this list grows to 100 or
200 apps, how will I - as a user, not a developer - be protected against
something like this?
Not that many choices (against badly behaving jack clients). Watchdog
timers that look for errant processes would be the first. But the _real_
protection should come from a better scheduler that takes that into
account in the kernel itself (I saw messages in a list, can't remember
which, and a patch for such a scheduler).
-- Fernando