On Wed, 19.12.07 16:44, Nicolas Mailhot (nicolas.mailhot(a)laposte.net) wrote:
> > Hmm? What does dmix have to do with microphones?
> You raised the security argument. Mere mortals like Simo only see
> actual potential security problems with microphones. (running a wide
> open dmix is a small security problem but no one here is asking to mix
> the active desktop session beeps with the background music started out
> of this session)
Uh? dmix is not involved with recording audio.
However, dmix has two problems if you open it up for other users: you
can use it to capture whatever the other users play [1], and you get
more access to the other process's internals than is safe. I.e. you
can make the other process freeze, burn CPU and so on.
> Note that:
> - being able to cut audio resources from other applications just by
>   logging in is a DoS in security-speak.
Ah! that's good. The last time I tried to run "rm /etc/fstab" as a
normal user all I got back was "Access denied". I never came to the
conclusion that this should be considered a "Denial of service". But
indeed, we should consider all "Access denied" errors to be "Denial of
service" exploits. Let me prepare those mails to bugtraq...
> - if you can log in a system there are many more attack vectors than
>   audio devices (let alone that most of the time people will have also
>   physical access so they can leave a small recorder next to the
>   computer)
This. Is. Just. Great.
> - pushing many users to hack manually around rigid security rules
>   that forbid common use-cases has not been known to improve security
>   overall.
It. Gets. Even. Better.
Lennart
Footnotes:
[1] And I certainly don't want other people using my machine to spy on
my VoIP calls or listen into the audio track of my very private
porn videos! ;-)
--
Lennart Poettering Red Hat, Inc.
lennart [at] poettering [dot] net ICQ# 11060553
http://0pointer.net/lennart/ GnuPG 0x1A015CC4