[pulseaudio-discuss] My computer thinks I'm schizophrenic, is PA for me?
Jan Braun
janbraun at gmx.de
Mon Apr 19 10:23:20 PDT 2010
Lennart Poettering schrob:
> > ...and you're explicitly disallowing cross-user shm transfer. :(
> > I guess I'll have to figure out the security implications of messing
> > with that.
>
> Well, the story goes like this: we need to make sure that a user A
> cannot trigger a SIGBUS in processes by user B simply by ftruncating an
> shm region A controls and B maps and accesses. Since handling SIGBUS
> from a library context is ugly to impossible we hence generally don't
> allow shm data transfer between users.
Thanks for the explanation. But this is only a DoS, isn't it? A can
terminate B's audio applications. That's something I could happily live
with, particularly as it means one of my personalities would need to
use a malicious (mis-)implementation of the PA protocol.
But of course, I see how you wouldn't want to oficcially distribute
that, so I'll probably be compiling my own version of PA in the future.
The joys of Free Software. :)
Thanks again,
Jan
--
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.freedesktop.org/archives/pulseaudio-discuss/attachments/20100419/3ec679e1/attachment.pgp>
More information about the pulseaudio-discuss
mailing list