How to change XDG_RUNTIME_DIR permissions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Apr 9, 2018, 21:35 Simon McVittie <smcv at collabora.com> wrote:

> On Mon, 09 Apr 2018 at 17:27:10 +0000, john terragon wrote:
> > created by the logind service.I want to make the socket of the pulseaudio
> > server of one particular user available to all the others.
>
> This is basically PulseAudio system-wide mode:
>
> https://www.freedesktop.org/wiki/Software/PulseAudio/Documentation/User/SystemWide/
>
> https://www.freedesktop.org/wiki/Software/PulseAudio/Documentation/User/WhatIsWrongWithSystemWide/
>
> ... except worse, because instead of potentially being able to escalate
> privileges to a dedicated system uid that runs the PulseAudio system
> server, you can potentially escalate privileges to the account of
> another user.
>
> I would suggest using the system-wide mode instead: it's a bad idea
> for all the reasons listed in the link above, but seems less bad than
> reinventing it via a user's account.
>

Except for the shared memory part, which I seem to remember has finally
been solved using memfd sealing?

> --

Mantas MikulÄ?nas <grawity at gmail.com>
Sent from my phone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20180409/0a4cbae7/attachment.html>
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux