Arts < 1.0.2 local root exploit

Andreas Pour pour at mieterra.com
Tue Jul 9 04:22:40 BST 2002


Neil Stevens wrote:

Hi,

Please cc: me, as I'm not subscribed (sorry, already on about 20 mailing
lists . . .)

> On Monday July 08, 2002 12:29, Stefan Westerfeld wrote:
> > If you had been following the kde-multimedia list, you would have seen
> > that this (and more) is what I have been proposing as strategy recently.

Great news!  Somehow I missed that, perhaps b/c I also miss the KDE
Kernel Cousin.

> > http://lists.kde.org/?l=kde-multimedia&m=102500101116464&w=2
> >
> > Note that this is a long-term decision, you can't make this transition
> > in a few days. It also might mean - if it goes like I think it might go
> > - that the monolithic aRts as we know it completely ceases to exist some
> > day in the future. Being replaced by
> >
> > (a) a common lightweight soundserver (shareable with the GNOMEs) (*)
> > (b) a codec API for various media formats (usable by noatun)
> > (c) a common API to access the soundserver (CSL) (*)
> > (d) a separate music/synthesis framework doing "the rest" (SFK)

Cool!  Especially the (a) part.  I see the advantages of having higher
priorities to avoid gaps, but, putting everything into higher privileges
violates the rule of least privileges, or something like that.
 
> Of course, we can't actually ditch aRts until at least KDE 4, for Binary
> Compatibility reasons.  So, some of us (well, me and whoever I bring
> aboard) will continue active development of aRts until then, even if
> others of us decide to stop.

I'm not sure what you mean.  Is it not possible to split arts up and
maintain binary compatibility?  At least theoretically, you can always
replace a function call, which aRts does internally, with an RPC, or a
socket, etc.  Can't the aRts interface remain exactly the same, but
split up the functionality into two programs?  Waiting until KDE 4 is a
long time . . . .

> > If anybody feels like seriously discussing implications of such a move,
> > such as strategic implications, risks, transition phases, and so on, I
> > would be more than happy to get some comments on whether the big picture
> > sounds approximately right.
> 
> Well, you already got my "no" explanation, but if you'd like to see it
> again I'd be happy to try. :-)

Well, I would be quite happy to listen in and throw in a bone where I
might contribute something, but as I do not know the aRts internals, I
would not feel cheated either if you thought the signal noise ratio
would improve without this participation.  Up to you.

Ciao,

Dre


