On Mon, Mar 08, 2010 at 11:43:53AM +0100, Arnold Krille wrote: > While I understand the fun of running jackd as root as a system service...
i am actually not talking about jackd running as root. but any user who has access to it, can shoot it down. > > On Monday 08 March 2010 03:06:08 torbenh wrote: > > otoh there are probably enough other local root exploits, so i guess > > this doesnt really matter. and a system where normal untrusted users > > get handed RT privileges is doomed anyways :) > > There is more at stake here: There are these nice network things in jack, so > this makes your "local root exploit" (which is bad enough in its own) a > "network root exploit". If your alarm bells aren't ringing here, you probably what network things ? do you mean netjack ? thats a pretty different piece of cake. > run your machine without any connection to the outside world (no network, > usb, > floppy, cdrom/dvd)... > > > so basically as long as you trust your users to the point that they dont > > want to hack into the system, its probably ok. > > What about running jackd as user "nobody" and allowing all in the audio group > to connect? > Trusting "everybody" can go wrong way to fast to even think about it. > > Oh, please, please don't ever mention running jackd as root again. Yes, it > might "fix" some problems. But finding these "fixes" in the archives leads to > many innocent googling starters to the dark side of the audio force. i am not talking about running jackd as root. (thats not the idea of PROMISCUOUS patch anyways) > _______________________________________________ > Linux-audio-dev mailing list > Linux-audio-dev@lists.linuxaudio.org > http://lists.linuxaudio.org/listinfo/linux-audio-dev -- torben Hohn _______________________________________________ Linux-audio-dev mailing list Linux-audio-dev@lists.linuxaudio.org http://lists.linuxaudio.org/listinfo/linux-audio-dev
