artswrapper defanged

Rik Hemsley rik at kde.org
Tue Jul 16 10:39:57 BST 2002



Ok, found some messages on kde-mm.

#if Stefan Westerfeld

> IMHO the most reasonable way to go is to not change anything. Users can
> disable realtime if they feel like it in kcontrol. Root can disable realtime
> if it feels like it by removing the suid bit. Packages can disable realtime
> if they feel like it by packaging without suid bit. (And SuSE for instance
> does this, depending on the security level [easy..paranoid). Endusers benefit
> from realtime. It has worked for ages like it was. Why change it?

Security should be enabled by default, not disabled.

> Second, for the reasoning of why artswrapper exists: you can not guarantee
> dropout-free sound at low latencies with the standard linux timesharing
> scheduler. Some applications however, such as quake or Brahms need low
> latencies to be useful.

Quake does not need to be suid to provide sound quick enough. It works
just fine without.

How many people need artsd to provide them with 'realtime' sound?
It looks like it's only Brahms users.

How about we enable realtime scheduling only when someone is using
an app which requires artsd to have such privileges? Quite easy to
do in a pretty way. kdesu can prompt the user and you can show a dialog
warning about the possibilities for bad things happening.

Note that even without a DoS from another local user, you can have your
system hang due to a bug in artsd. Last time I installed artswrapper suid,
the system hung solid when I started artsd.

#if Neil Stevens

> So there is really no gain in attempting to get paranoid here.  No sane
> multi-untrusted-user system will ever have artswrapper suid, no matter what
> restrictions are put on it.

And no sane sysadmin will install KDE for her users, because KDE doesn't care
about security. It installs useless (to users on such a system) programs suid,
requiring her to go and fix the holes.

Rik

-- 
http://rikkus.info





More information about the kde-core-devel mailing list