On 09.07.2018 14:40, Tanu Kaskinen wrote:
> On Sat, 2018-07-07 at 11:48 +0200, Georg Chini wrote:
>> On 04.07.2018 12:40, Tanu Kaskinen wrote:
>>> We recently changed the umask of the daemon from 022 to 077, which broke
>>> module-pipe-sink in the system mode, because nobody was allowed to read
>>> from the pipe.
>>>
>>> module-pipe-source in the system mode was probably always broken,
>>> because the old umask of 022 should prevent anyone from writing to the
>>> pipe.
>>>
>>> This patch uses chmod() after the file creation to set the permissions
>>> to 0666, which is what the mkfifo() call tried to set.
>>>
>>> Bug link: https://bugs.freedesktop.org/show_bug.cgi?id=107070
>>> ---
>> Should the permissions really be 666? Would not 660 be better,
>> so that there is at least some control who may access the pipe?
> If the mode were 660, the bug that was reported would not be fixed. In
> the system mode the owner and group are "pulse", so nobody would be
> able to access the pipe.
>
> I agree that it's questionable to give everyone access, but that's what
> we've always done (or at least we've always given read access, but the
> intention has been to give write access as well).

OK, then your patch is fine for me.

> If we want to tighten the permissions, that can be done in a separate
> patch.
> We could make the mode configurable and default to 600 in the
> user mode and 666 in the system mode. We could also make the group
> configurable with "pulse-access" as the default group, then we could
> default to 660 in the system mode.
>
> We could also remove write access in case of module-pipe-sink and read
> access in case of module-pipe-source.


_______________________________________________
pulseaudio-discuss mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/pulseaudio-discuss
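
The behaviour discussed in this thread, as an added example that is not part of the original messages or of the PulseAudio patch: the mode passed to mkfifo() is filtered by the process umask, while a later chmod() is not. The function names and the scratch directory under /tmp are hypothetical and constructed for the demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkdtemp(), mkfifo(), lstat() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Permission bits of a FIFO at path, or -1 if it is missing or not a FIFO. */
static int fifo_mode(const char *path) {
    struct stat st;
    if (lstat(path, &st) < 0 || !S_ISFIFO(st.st_mode))
        return -1;
    return (int)(st.st_mode & 07777);
}

/* Create a FIFO with mkfifo(path, want) while `mask` is the process umask.
 * If fix is non-zero, follow up with chmod(path, want), which is not
 * filtered by the umask. Returns the resulting mode bits, or -1 on error.
 * The FIFO lives in a private scratch directory and is removed again. */
static int fifo_mode_under_umask(mode_t mask, mode_t want, int fix) {
    char dir[] = "/tmp/fifo-demo-XXXXXX";   /* constructed scratch location */
    char path[sizeof dir + 8];
    int result = -1;

    if (!mkdtemp(dir))
        return -1;
    snprintf(path, sizeof path, "%s/pipe", dir);

    mode_t old = umask(mask);
    if (mkfifo(path, want) == 0) {
        if (!fix || chmod(path, want) == 0)
            result = fifo_mode(path);
        unlink(path);
    }
    umask(old);
    rmdir(dir);
    return result;
}

int main(void) {
    printf("umask 022, mkfifo(0666):       %04o\n", (unsigned)fifo_mode_under_umask(022, 0666, 0));
    printf("umask 077, mkfifo(0666):       %04o\n", (unsigned)fifo_mode_under_umask(077, 0666, 0));
    printf("umask 077, mkfifo+chmod(0666): %04o\n", (unsigned)fifo_mode_under_umask(077, 0666, 1));
    printf("umask 077, mkfifo+chmod(0660): %04o\n", (unsigned)fifo_mode_under_umask(077, 0660, 1));
    return 0;
}
```

Because the FIFO is first created with the umask-restricted mode and only then widened, the interval between mkfifo() and chmod() exposes permissions that are tighter than the final ones, never looser.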
