While I understand the fun of running jackd as root as a system service... On Monday 08 March 2010 03:06:08 torbenh wrote: > otoh there are probably enough other local root exploits, so i guess > this doesnt really matter. and a system where normal untrusted users > get handed RT privileges is doomed anyways :)
There is more at stake here: There are these nice network things in jack, so this makes your "local root exploit" (which is bad enough in its own) a "network root exploit". If your alarm bells aren't ringing here, you probably run your machine without any connection to the outside world (no network, usb, floppy, cdrom/dvd)... > so basically as long as you trust your users to the point that they dont > want to hack into the system, its probably ok. What about running jackd as user "nobody" and allowing all in the audio group to connect? Trusting "everybody" can go wrong way to fast to even think about it. Oh, please, please don't ever mention running jackd as root again. Yes, it might "fix" some problems. But finding these "fixes" in the archives leads to many innocent googling starters to the dark side of the audio force. Arnold
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Linux-audio-dev mailing list Linux-audio-dev@lists.linuxaudio.org http://lists.linuxaudio.org/listinfo/linux-audio-dev
