[quoted lines by Didier Spaier on 2017/09/18 at 20:21 +0200] >Only caveat: I am aware that running pulseaudio system wide is >discouraged including for security reasons. Any advice to avoid that or >at least increase security while doing it is very welcome.
My opinion (and that's all it is - my opinion) is that they overstate the security risk. There are two issues I can think of that need to be considered: First: You may not want just anyone to be able to cause sound to come out of the speakers, headphones, etc. I don't think this is a real issue because, as I understand it, a user still needs to be in the pulse-access group in order to send audio to pulse audio so you can control who can do it. Second: There may be bugs within their code. They may be warning against running the pulse audio server as root with system-wide access as a disclaimer so that it's all your fault if they have a bug that allows someone to find and use in order to gain root access to your system and compromise it. -- Dave Mielke | 2213 Fox Crescent | http://Mielke.cc/ Phone: 1-613-726-0014 | Ottawa, Ontario | http://Mielke.cc/bible/ EMail: [email protected] | Canada K2A 1H7 | The Bible is the very Word of God. _______________________________________________ This message was sent via the BRLTTY mailing list. To post a message, send an e-mail to: [email protected] For general information, go to: http://brltty.com/mailman/listinfo/brltty
