Tried Pulse Audio Again--No Good For A11y
Lennart Poettering
mzerqung at 0pointer.de
Tue Sep 23 12:59:27 UTC 2008
On Tue, 23.09.08 00:35, Gregory Maxwell (gmaxwell at gmail.com) wrote:
> >> 5.) While I paplay, I try to go Ctrl-Alt-F1. While I'm not prevented
> >> from doing so, paplay believes it should pause playing while I'm away
> >> from the gui tty. Now, who's the genius that figured out this
> >> "feature?"
> >
> > I did. And it actually is a feature. It fixes a long standing security
> > issue.
> [snip]
>
> I'm missing how write access (as opposed to read/recording) to an
> audio device creates a material security vulnerability. It seems that
> the majority of the complaints are that playback stops and that it
> surprises the user. Recording stopping may also be surprising, but
> it's easy to explain the security argument there.
It's true that being able to eavesdrop in your record streams is a
bigger security hole than just eavesdropping what you play. Nonethless
it's still a hole: they'd still be able to listen to one direction of
your voip call, and they'd still be able to play a fake stream that
you might then end up trusting.
We already had this discussion here twice or more times. I do believe
the right way is to suspend audio when we switch sessions by
default. I also acknowledge that it is valid for users to put security
second and have audio continue to play. In fact and as I already
mentioned, I have this on my TODO list, but way down.
I am always happy to take patches BTW. If this feature is important to
you the best thing to make it happen is actually write the code
yourself!
Lennart
--
Lennart Poettering Red Hat, Inc.
lennart [at] poettering [dot] net ICQ# 11060553
http://0pointer.net/lennart/ GnuPG 0x1A015CC4
More information about the fedora-devel-list
mailing list