Hallo, Stephan Seitz hat gesagt: // Stephan Seitz wrote: > Hi! > > On Mon, Jan 19, 2004 at 08:20:45PM +0000, Myk wrote: > ># sudo alsaplayer -r > > > >will do the trick. You'll need to allow passwordless sudo-ing for any > >users (set in /etc/sudoers, check the man page for sudo) > > Bad idea. With this, alsaplayer runs as root. So you can easily read > any file (like /etc/shadow) or worse, you can overwrite any file with > your playlist.
Why go through alsaplayer, when "sudo /bin/sh" will do? ;) But this is because Gtk forces audio users to go through even more insecure paths than what Gtk prohibits with its, stupid IMO, countermeasure. It would be much easier and even more secure in the end to "setuid root" a file and then chown-ing it so only trusted users are allowed to actually use it. Then the application could drop root priviledges after higher scheduling was set and done. But with sudo the whole software runs basically as root all the time and can't even drop this priviledge. Bad kitty. ciao -- Frank Barknecht _ ______footils.org__ ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Alsa-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/alsa-user
