** Also affects: pulseaudio (Ubuntu Saucy)
Importance: Undecided
Status: New
** Changed in: pulseaudio (Ubuntu Saucy)
Importance: Undecided => Critical
** Changed in: pulseaudio (Ubuntu Saucy)
Status: New => Confirmed
** Changed in: pulseaudio (Ubuntu Saucy)
Milestone: None => ubuntu-13.10
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1211380
Title:
pulseaudio socket needs confined app restrictions
Status in “pulseaudio” package in Ubuntu:
Confirmed
Status in “pulseaudio” source package in Saucy:
Confirmed
Bug description:
Confined applications need access to the pulseaudio socket.
Unfortunately, this allows them to perform dangerous operations, such as load
a module from an arbitrary path.
It also allows them to enumerate installed applications by listing clients.
The Pulseaudio daemon should verify if an application is confined, and
if so, restrict access to certain commands.
If module loading cannot be disabled for confined applications,
perhaps it could be modified to only load modules from trusted system
locations.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1211380/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
