Tried Pulse Audio Again--No Good For A11y

Lennart Poettering mzerqung at 0pointer.de
Tue Sep 23 13:05:29 UTC 2008 

On Mon, 22.09.08 22:07, Les Mikesell (lesmikesell at gmail.com) wrote:

>
> Lennart Poettering wrote:
>> To suspend audio for inactive sessions and only allow audio for active
>> sessions fixes a big security hole.
>
> But it sucks if you are playing music for the room and someone else wants 
> to check their email.

Yes, I know that some people don't like that behaviour. We had this
discussion already. I already put it on my TODO list months ago. We
can end this discussion here and now.

>> And it's not just we who fixed
>> this hole like this. Apple for example does it too. And usually Apple
>> is the gold standard of user-friendliness, right?
>
> No, it sucks just as much when itunes does it.  You expect that kind of 
> stuff from Apple who only has a short history of multi-user machines and 
> who would really rather sell you an apple tv or ipod with dock that you can 
> dedicate to driving your speakers, though. Linux has always been multi-user 
> and doesn't have any such excuses for arbitrarily disconnecting
> devices.

"arbitrarily"?

Oh man. Claiming that things are right because Linux always did it
this way is not very convincing. You never noticed that quite a few
things in Linux haven't been all that shiny right from day 0? Some
things got fixed by now, and this is just another instance.

>> Allowing multiple different users audio device access at the same is a
>> security nightmare. It has been with ALSA dmix. And it is even more so
>> in PA. 
>
> Doesn't the kernel have a mechanism for exclusive locks on devices if 
> someone wants to have exclusive access?  It's not all that difficult to 
> eavesdrop on music playing loudly anyway...

Access to audio devices (both OSS and ALSA) is exclusive by default anyway.

>> Far down on my todo list is adding some kind of handover logic between
>> multiple PA instances, so that we can add fading of audio when we
>> switch sessions. This would also allow us to continue playback from
>> inactive sessions if the now active user is OK with that. But this is
>> complex, security-sensitive and not a priority. So don't expect any
>> quick results.
>
> What's the right way to set up a media player service that isn't attached 
> to anyone's session?

You can bypass PA if you wish. Or run a specific tailored PA
instance for it. It's up to you.

Lennart

-- 
Lennart Poettering                        Red Hat, Inc.
lennart [at] poettering [dot] net         ICQ# 11060553
http://0pointer.net/lennart/           GnuPG 0x1A015CC4

More information about the fedora-devel-list mailing list