Audio latency goes full circle [LWN.net]

Audio latency goes full circle

Posted Feb 11, 2005 19:30 UTC (Fri) by otaylor (subscriber, #4190)
Parent article: Audio latency goes full circle

What Jack O'Quin is suggesting is security through wishful thinking.
Either you trust your users to responsibly use real-time scheduling
or you don't. If you do, the supplementary groups approach is
exactly right. If you don't, then you must restrict the capability
using secure, verifiable means.

No approach that involves making well over a million lines of
library code setgid (your app, the toolkit, font handling, Xlib, theme
engines, input methods, etc, etc.) is ever going to meet those
requirements.

Many of the developments in Linux security recently - whether it
be SELinux, exec-shield, or whatever are about providing mechanisms
that reduce the amount of code that could conceivably cause problems.

(Log in to post comments)

Audio latency goes full circle

Posted Feb 11, 2005 19:45 UTC (Fri) by otaylor (subscriber, #4190) [Link]

To follow up to myself, one thing I didn't address:

"Why should it be OK to run GTK as `root', but not as setgid `audio'?"

If you are running a GTK+ program setgid 'audio', then you are
verifiably doing something stupid. If you are running a GTK+ program
as root, you are probably doing so because you, as the user have
root privileges. Now, you could also be running the GTK+ program
as root because someone configured sudo to allow you to do that.
While that is also not a secure configuration, there's no way to
detect it, so we don't.

Just because we can't catch all problems doesn't mean that we
shouldn't catch the ones that we can. If you are determined you
can work around the GTK+ checks. But at least you have to think
about the issues involved.