On Thu, Jan 31, 2019 at 09:08:04AM +0100, Takashi Iwai wrote:
> Mark Brown wrote:

> > anything O_APPEND based. My understanding is that this is fundamentally
> > a risk mitigation thing - by not having any of the sound kernel
> > interfaces available to the applications affected there's no possibility
> > that any problems in the sound code can cause security issues.

> The patch 2 implements exactly that kind of access restriction, so
> that the passed fd won't do anything else than wished.

Yeah.

> If we want to be super-conservative, the implementation could be even
> simpler -- instead of filtering, we may pass a minimum fd ops that
> contains only mmap and release for the anon-dup fd...

I think that'd definitely help address the concerns.
_______________________________________________
Alsa-devel mailing list
Alsa-devel@xxxxxxxxxxxxxxxx
http://mailman.alsa-project.org/mailman/listinfo/alsa-devel