** Description changed: - Confined applications need access to the pulseaudio socket. + Confined applications need access to the pulseaudio socket. Currently + several sockets are available to apps, and some allow performing + dangerous operations, such as loading a module from an arbitrary path. - Unfortunately, this allows them to perform dangerous operations, such as load a module from an arbitrary path. - It also allows them to enumerate installed applications by listing clients. + It also allows them to enumerate installed applications by listing + clients. The Pulseaudio daemon should verify if an application is confined, and if so, restrict access to certain commands. If module loading cannot be disabled for confined applications, perhaps it could be modified to only load modules from trusted system locations.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1211380 Title: pulseaudio socket needs confined app restrictions To manage notifications about this bug go to: https://bugs.launchpad.net/pulseaudio/+bug/1211380/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs