Lennart Poettering wrote:
> On Sat, 17.04.10 16:42, Jan Braun ([email protected]) wrote:
> > Hmm, why not? I've set up PA as you describe (except for the additional
> > auth-group parameter), and PA is creating entries in /dev/shm, even for
> > other users than "albert".
>
> The PA client libs always allocate their memory from an shm region,
> regardless whether it is later used for data transfer or not.

Yep, and I get:
| D: protocol-native.c: Protocol version: remote 16, local 16
| I: protocol-native.c: Got credentials: uid=1002 gid=1002 success=1
| D: protocol-native.c: SHM possible: yes
| D: protocol-native.c: Negotiated SHM: no
So this looks like 2392 in protocol-native.c :
| /* Only enable SHM if both sides are owned by the same
|  * user. This is a security measure because otherwise data
|  * private to the user might leak. */
|
| const pa_creds *creds;
| if (!(creds = pa_pdispatch_creds(pd)) || getuid() != creds->uid)
|     do_shm = FALSE;
...and you're explicitly disallowing cross-user shm transfer. :(
I guess I'll have to figure out the security implications of messing
with that.
regards,
Jan
--
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
