[pulseaudio-tickets] [PulseAudio] #21: realtime group membership prevents polypaudio to start
PulseAudio
trac-noreply at tango.0pointer.de
Wed Feb 21 12:10:14 PST 2007
#21: realtime group membership prevents polypaudio to start
----------------------------------+-----------------------------------------
Reporter: eric.moret at epita.fr | Owner: lennart
Type: defect | Status: new
Priority: normal | Milestone:
Component: daemon | Severity: major
Resolution: | Keywords:
----------------------------------+-----------------------------------------
Comment (by rawuza):
Strange that noone cared about this, as it prevents you from using rt
priority (except if you make you home dir world readable which wouldn't be
such a good idea)
> > As for the case of root not being able to read it, it should only
appear with nfs root-squash (or similar) and requiring a+x in that case is
not the end of the world. The config file shouldn't contain security
sensitive information. A solution that handles all cases would be
incredibly complex (e.g. the global conf might only be readable by root).
Ideas welcome though.
Point is, all caps are dropped, including CAP_DAC_READ_SEARCH, thus euid =
0 doesn't have permissions to access files not readable by root.
>
> Wouldn't dropping root filesystem access rights with setfsuid before
reading the config files be the correct solution?
setfsuid is linux only. So it would break portability. It's better to
return to real uid right after setting capabilities. I've attached a patch
that works for me.
--
Ticket URL: <http://pulseaudio.org/ticket/21#comment:10>
PulseAudio <http://pulseaudio.org/>
The PulseAudio Sound Server
More information about the pulseaudio-bugs
mailing list