[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: annoyances with sound/video in Debian.



On Wed, 07 Jun 2006 23:30:44 +0200, Holger Levsen <debian@layer-acht.org> wrote:

On Friday 02 June 2006 12:32, Eduardo Marcel Macan wrote:
AFAIK group audio is there for security, so that in a multiuser,
networked environment random users are not able to open the
microphone input remotely and listen to conversations taking place
around the computer.

in the default debian-installer install, the user which gets created at
installation is added to the audio group. So you have audio and "that
security" as new users per default are not added to the audio group.

 But it is the wrong security model, as it does not fascilitate something
like "xhost +local:", i.e. granting locally logged in users to use the
sound device.  I mean, what contrived use cases do we have where it is
NOT okay for the user at the console to use /dev/dsp?  I am talking about
regular usage, not any real-time scheduling stuff.
 Mixing up the privilege to make sound with the privilege to use real-time
scheduling is not what I want.  I want _any_ user at the console to be able
to make and record sound, but _only_ those in the audio group to do funky
real-time scheduling stuff.  I have to trust those people not to lock up
my system.

 This needs to be adressed, as the current way of doing it is so annoying
that it tempts too many users to subvert it altogether.  A good security
model is something _everybody_ keeps on.

--
Herman Robak



Reply to: