[pulseaudio-discuss] My computer thinks I'm schizophrenic, is PA for me?

Lennart Poettering lennart at poettering.net
Mon Apr 19 09:56:25 PDT 2010

On Mon, 19.04.10 18:09, Jan Braun (janbraun at gmx.de) wrote:

> | /* Only enable SHM if both sides are owned by the same
> |  * user. This is a security measure because otherwise data
> |  * private to the user might leak. */
> |
> | const pa_creds *creds;
> | if (!(creds = pa_pdispatch_creds(pd)) || getuid() != creds->uid)
> |   do_shm = FALSE;
> ...and you're explicitly disallowing cross-user shm transfer. :(
> I guess I'll have to figure out the security implications of messing
> with that.

Well, the story goes like this: we need to make sure that a user A
cannot trigger a SIGBUS in processes by user B simply by ftruncating an
shm region A controls and B maps and accesses. Since handling SIGBUS
from a library context is ugly to impossible we hence generally don't
allow shm data transfer between users.


Lennart Poettering                        Red Hat, Inc.
lennart [at] poettering [dot] net
http://0pointer.net/lennart/           GnuPG 0x1A015CC4

More information about the pulseaudio-discuss mailing list