[pulseaudio-discuss] My computer thinks I'm schizophrenic, is PA for me?
Lennart Poettering
lennart at poettering.net
Mon Apr 19 09:56:25 PDT 2010
On Mon, 19.04.10 18:09, Jan Braun (janbraun at gmx.de) wrote:
> | /* Only enable SHM if both sides are owned by the same
> | * user. This is a security measure because otherwise data
> | * private to the user might leak. */
> |
> | const pa_creds *creds;
> | if (!(creds = pa_pdispatch_creds(pd)) || getuid() != creds->uid)
> | do_shm = FALSE;
>
> ...and you're explicitly disallowing cross-user shm transfer. :(
> I guess I'll have to figure out the security implications of messing
> with that.
Well, the story goes like this: we need to make sure that a user A
cannot trigger a SIGBUS in processes by user B simply by ftruncating an
shm region A controls and B maps and accesses. Since handling SIGBUS
from a library context is ugly to impossible we hence generally don't
allow shm data transfer between users.
Lennart
--
Lennart Poettering Red Hat, Inc.
lennart [at] poettering [dot] net
http://0pointer.net/lennart/ GnuPG 0x1A015CC4
More information about the pulseaudio-discuss
mailing list