On 09.07.2018 14:40, Tanu Kaskinen wrote:
> On Sat, 2018-07-07 at 11:48 +0200, Georg Chini wrote:
>> On 04.07.2018 12:40, Tanu Kaskinen wrote:
>>> We recently changed the umask of the daemon from 022 to 077, which broke
>>> module-pipe-sink in the system mode, because nobody was allowed to read
>>> from the pipe.
>>>
>>> module-pipe-source in the system mode was probably always broken,
>>> because the old umask of 022 should prevent anyone from writing to the
>>> pipe.
>>>
>>> This patch uses chmod() after the file creation to set the permissions
>>> to 0666, which is what the mkfifo() call tried to set.
>>>
>>> Bug link: https://bugs.freedesktop.org/show_bug.cgi?id=107070
>>> ---
>> Should the permissions really be 666? Would not 660 be better,
>> so that there is at least some control who may access the pipe?
> If the mode were 660, the bug that was reported would not be fixed. In
> the system mode the owner and group are "pulse", so nobody would be
> able to access the pipe.
>
> I agree that it's questionable to give everyone access, but that's what
> we've always done (or at least we've always given read access, but the
> intention has been to give write access as well).

OK, then your patch is fine for me.

>
> If we want to tighten the permissions, that can be done in a separate
> patch.
> We could make the mode configurable and default to 600 in the
> user mode and 666 in the system mode. We could also make the group
> configurable with "pulse-access" as the default group, then we could
> default to 660 in the system mode.
>
> We could also remove write access in case of module-pipe-sink and read
> access in case of module-pipe-source.
>