[pulseaudio-discuss] System mode & SHM

Pali Rohár pali.rohar at gmail.com
Mon Dec 8 06:20:40 PST 2014


On Monday 08 December 2014 08:56:19 Raymond Yau wrote:
> > > >>>> it is possible to enable shared memory when
> > > >>>> pulseaudio is started in system mode?
> > > >>> 
> > > >>> Not without recompiling PulseAudio, the relevant code
> > > >>> is in src/pulsecore/protocol_native.c, function
> > > >>> command_auth:
> > > >>> 
> > > >>> #ifdef HAVE_CREDS
> > > >>>     if (do_shm) {
> > > >>>         /* Only enable SHM if both sides are owned by the same
> > > >>>          * user. This is a security measure because otherwise
> > > >>>          * data private to the user might leak. */
> > > >>>
> > > >>>         const pa_creds *creds;
> > > >>>         if (!(creds = pa_pdispatch_creds(pd)) ||
> > > >>>             getuid() != creds->uid)
> > > >>>             do_shm = false;
> > > >>>     }
> > > >>> #endif
> > > >>> 
> > > >>> Maybe there's more stuff that needs to be changed as
> > > >>> well, I don't know.
> > > >> 
> > > >> Ok, so what about adding a parameter which forces SHM
> > > >> support if the user/administrator/owner of the system
> > > >> wants to do that?
> > > > 
> > > > That sounds like a good idea.
> > > 
> > > I'm hesitating. I'm not saying I'm totally against it, but
> > > the security implications are somewhat scary - I assume
> > > this means you have to open up the shm files to the
> > > world, which means all users can spy on each other's
> > > audio. The srbchannel shm file will also be writable by
> > > all users, so one user can potentially enter commands in
> > > another user's stream...
> > 
> > Yes, and this is what I want in some situations!
> > 
> > It is useful in the case when you have one desktop computer
> > which is used by two (or maybe more) trusted persons and
> > each has their own profile.
> 
> Does your desktop have two sound cards, or do you just want to
> use multi-streaming of hda-intel for two or three users using
> analog playback, alt analog playback, digital, analog capture
> and alt analog capture devices?
> 

One sound card shared by multiple users.

> > Or if you have 2 (or more) users (in system) only because
> > some crappy applications support only one instance per user
> > (session).
> 
> Any example ?

Take any KDE4 application based on a KUniqueApplication instance.
Or any other proprietary application which uses the username or
a fixed HOME. Skype has this problem too (only one instance can
register on dbus for IPC).

-- 
Pali Rohár
pali.rohar at gmail.com