Arts < 1.0.2 local root exploit

Neil Stevens neil at qualityassistant.com
Tue Jul 9 11:45:18 BST 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday July 08, 2002 08:22, Andreas Pour wrote:
> Cool!  Especially the (a) part.  I see the advantages of having higher
> priorities to avoid gaps, but, putting everything into higher privileges
> violates the rule of least privileges, or something like that.

But, on the other hand, every step of the process benefits from higher 
privilege: reading files from the disk, decoding, filtering, and making 
output to hardware.  I really don't think least privilege applies here.


Ooh, and I just realized: by moving decoding into the application, rather 
than leaving it on the server, that means that KDE apps would get to have 
the fun task of gaining root, grabbing realtime, and dropping root again.  
All this does is *increase* the amount of privilege needed to be grabbed, 
rather than diminish it!  Apps *and* the sound server would have to!

Audio playback is a hard real-time task.  If you don't meet the deadline, 
the user's ear suffers.  So don't try to tell me decoding shouldn't have 
to run realtime.  I want to be able to use noatun while doing two 
enable-final compiles.

> > Of course, we can't actually ditch aRts until at least KDE 4, for
> > Binary Compatibility reasons.  So, some of us (well, me and whoever I
> > bring aboard) will continue active development of aRts until then,
> > even if others of us decide to stop.
>
> I'm not sure what you mean.  Is it not possible to split arts up and
> maintain binary compatibility?  At least theoretically, you can always
> replace a function call, which aRts does internally, with an RPC, or a
> socket, etc.  Can't the aRts interface remain exactly the same, but
> split up the functionality into two programs?  Waiting until KDE 4 is a
> long time . . . .

KDE 4 is a long time away, but what's the rush?  I'm seeing a lot of people 
claim that Noatun works better than ever for them in KDE 3.  KDE 3.1 will 
see xine_playbobject and support in Kaboodle and Noatun.  Now seems the 
*worst* time to be throwing it all away with a rewrite.

As for rewriting it in place with binary compatibility, if it can be done I 
guess it can be done.  It'd just have to prove itself a worthy 
replacement: not losing any functionality, maintaining skip-less 
performance for those who get it, and not wasting resources.

> Well, I would be quite happy to listen in and throw in a bone where I
> might contribute something, but as I do not know the aRts internals, I
> would not feel cheated either if you thought the signal noise ratio
> would improve without this participation.  Up to you.

Well, your comments on least privilege have led me to realize another 
argument against the arts split-up, that it would require the player apps 
themselves to grab realtime priority.  So, you obviously have *some* 
insight to bring into the matter, thinking from a security perspective 
rather than an audio app perspective.  :-)

- -- 
Neil Stevens - neil at qualityassistant.com
"I always cheer up immensely if an attack is particularly wounding
because I think, well, if they attack one personally, it means they
have not a single political argument left." - Margaret Thatcher
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9Kr6+f7mnligQOmERAnlUAJ9E97Bhc+KH6Wgv3ZpP6G3XtQRwGACfTCS/
kZOfaE57MrF3zxHa5Aush7g=
=MWwZ
-----END PGP SIGNATURE-----
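The sequence Neil mentions in passing above, gaining root, grabbing realtime, and dropping root again, is the job a setuid-root wrapper does before handing off to the actual audio process. The program below is an added example written for this page; it is not code from the message, from aRts or from artswrapper. It assumes Linux (SCHED_FIFO via sched_setscheduler(), priority range 1..99) and the usual setuid convention that the real uid/gid of the process identify the invoking user, so those are the identity to fall back to. The function names are the example's own.

```c
/* Added example: grab SCHED_FIFO while root, then drop root for good.
 * Assumes Linux; not taken from aRts or artswrapper. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Clamp a requested SCHED_FIFO priority into the range the kernel accepts
 * (1..99 on Linux). An out-of-range value makes sched_setscheduler() fail
 * with EINVAL, so normalise it before asking. */
int clamp_rt_priority(int wanted)
{
    int lo = sched_get_priority_min(SCHED_FIFO);
    int hi = sched_get_priority_max(SCHED_FIFO);
    if (wanted < lo) return lo;
    if (wanted > hi) return hi;
    return wanted;
}

/* Step 1 (still root): move the calling process to SCHED_FIFO.
 * Returns 0 on success, -1 with errno set on failure. An unprivileged
 * caller on a stock Linux box gets EPERM; that is the whole reason the
 * wrapper has to be setuid root in the first place. */
int grab_realtime(int wanted_prio)
{
    struct sched_param sp;
    memset(&sp, 0, sizeof sp);
    sp.sched_priority = clamp_rt_priority(wanted_prio);
    return sched_setscheduler(0, SCHED_FIFO, &sp);
}

/* Step 2: drop root permanently to uid/gid. Order matters: supplementary
 * groups first (only root may clear them), then the gid, then the uid,
 * because once the uid is gone the gid can no longer be changed. Every
 * return value is checked: a setuid() failure that goes unnoticed leaves
 * the process running as root. Returns 0 on success, -1 on failure. */
int drop_root(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    return 0;
}

/* Step 3: prove the drop is irreversible. setuid() (unlike seteuid())
 * also clears the saved set-user-ID, so trying to become root again must
 * now fail with EPERM. Returns 1 if root is gone for good, 0 if the
 * process can still regain it, in which case the caller should abort. */
int root_is_gone(void)
{
    if (setuid(0) == 0) return 0;
    return errno == EPERM;
}

/* A setuid-root wrapper's real uid/gid are those of the user who ran it,
 * so that is the identity to return to before exec'ing the real player. */
int main(void)
{
    uid_t user = getuid();
    gid_t group = getgid();

    if (grab_realtime(50) != 0)
        fprintf(stderr, "SCHED_FIFO not granted: %s (continuing without realtime)\n",
                strerror(errno));

    if (drop_root(user, group) != 0) {
        fprintf(stderr, "failed to drop privileges: %s\n", strerror(errno));
        return 1;
    }
    if (user != 0 && !root_is_gone()) {
        fprintf(stderr, "still able to regain root, refusing to continue\n");
        return 1;
    }
    printf("running as uid %d with %s scheduling\n", (int)getuid(),
           sched_getscheduler(0) == SCHED_FIFO ? "SCHED_FIFO" : "normal");
    return 0;
}
```

Run unprivileged it reports that SCHED_FIFO was refused and carries on as the invoking user; installed setuid root it keeps the realtime policy across the uid change, which is the behaviour that lets the wrapper be small and auditable while the player it exec's never holds root at all.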



More information about the kde-multimedia mailing list