-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all. I want to do something simple, I want to have my local mail delivery software, maildrop, play a sound, depending on from who a particular mail message arrives. Simple, right? Well, not really, as I'll describe below. Maildrop runs suid root, -rwsr-xr-x 1 root daemon 162208 May 18 01:35 maildrop, which its author says is safe, and in fact encouraged for a couple of reasons, since maildrop takes on the uid/gid of the user whose mailbox it's delivering mail to. I have verified this, by writing up a small program that outputs the uid, gid, effective uid, and effective gid, and I ran this program inside my $HOME/.mailfilter, and it does get run as user greg, and group greg, effective and otherwise. So, coming back to what I want to do, I have in my $HOME/.mailfilter several if statements, each of which invokes aplay to play a specific sound file. When user greg, who has access to the audio group, runs aplay from the shell prompt, everything works as expected. However, when aplay gets run by maildrop, I get no sound, and the below message: ALSA lib confmisc.c:769:(parse_card) cannot find card '' ALSA lib conf.c:3510:(_snd_config_evaluate) function snd_func_card_driver returned error: No such device ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings ALSA lib conf.c:3510:(_snd_config_evaluate) function snd_func_concat returned error: No such device ALSA lib confmisc.c:1251:(snd_func_refer) error evaluating name ALSA lib conf.c:3510:(_snd_config_evaluate) function snd_func_refer returned error: No such device ALSA lib conf.c:3982:(snd_config_expand) Evaluate error: No such device ALSA lib pcm.c:2144:(snd_pcm_open_noupdate) Unknown PCM default aplay: main:545: audio open error: No such device Although user greg has access to the audio group, it seems that maildrop, and any other programs that get invoked from it, run only as user greg, group greg. What it boils down to is that aplay doesn't have access to the audio hardware, when it is run by maildrop. I have thought of a couple solutions for this, but don't like what I've come up with so far. 1. Make aplay run suid root, which actually does work, in terms of playing audio when aplay is run by maildrop. However, this approach is problematic. At best, anyone with an account on this system can decide to annoy me by playing stuff via aplay on the system. This activity would piss me off sooner or later, (probably sooner), resulting in the suspension of the culprit's account. At worst, someone can exploit a future security whole in aplay, and gain access on the system as root. 2. Another solution is to make the audio hardware writable to everyone on the system. While this would solve the problem of future possible security wholes in aplay, it would still mean that anybody with an account here could be obnoxious, with a wider range of audio players to use besides. I've also tried copying aplay to greg's $HOME/bin directory, and making that copy suid root, but that gives me the same error message as above, when run by maildrop. I suppose I could make greg own the audio hardware exclusively, but then what about programs like espeak for example, or other users who might need audio access on this system in the future for some reason? Any ideas on securely working around this problem, thus allowing aplay to access the audio hardware when run by maildrop, would be much appreciated, and thanks in advance as always. Greg - -- web site: http://www.romuald.net.eu.org gpg public key: http://www.romuald.net.eu.org/pubkey.asc skype: gregn1 (authorization required, add me to your contacts list first) - -- Free domains: http://www.eu.org/ or mail dns-manager at EU.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHCbdg7s9z/XlyUyARAtfVAJ45Nbphs7n62Rb1oQjsKtICvDtYtgCeJIOQ yM1jGo0T75JieXjIJ8NaKCY= =6CmV -----END PGP SIGNATURE-----
