Package: jackd Version: 0.99.0-2 Severity: wishlist
While I understand that some audio binaries might need to be setgid audio or something, is there any reason why this binary should be setuid root? -snip- [EMAIL PROTECTED]:~> ls -la /usr/bin/jackstart -rwsr-xr-- 1 root audio 12704 Nov 2 16:03 /usr/bin/jackstart -/snip- Since I can't expunge this package from my system very easily due to the ugly dependency chain currently in place (yes I read your explanation in the other bugs, probably not libjack's fault), it is a bit disturbing that it comes with a setuid root binary that probably doesn't have good input sanity checking... This is just total speculation, but if the jackd binary gives me pretty messages like this: -snip- [EMAIL PROTECTED]:~> jackd -d dummy -r-1 -p-1 -C-1 -P-1 -w-1 jackd 0.99.0 Copyright 2001-2003 Paul Davis and others. jackd comes with ABSOLUTELY NO WARRANTY This is free software, and you are welcome to redistribute it under certain conditions; see the file COPYING for details loading driver .. creating dummy driver ... dummy_pcm|4294967295|4294967295|4294967295|4294967295|4294967295 cannot create shm segment /jck-[32 bit float mono audio] (Invalid argument) cannot create new port segment of -512 bytes, name = /jck-[32 bit float mono audio] (Invalid argument) all 32 bit float mono audio port buffers in use! cannot assign buffer for port DUMMY: cannot register port for capture_1 no ports available! DUMMY: cannot register port for playback_128 jack main caught signal 2 received signal 2 during shutdown (ignored) -/snip- When I give it these nasty input parameters, I don't very well trust a startup script running as root to filter options as they come down. Perhaps I am just paranoid though... Do you think we can nuke that nasty bit? Thanks, tim -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.9 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages jackd depends on: ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libcap1 1:1.10-14 support for getting/setting POSIX. ii libjack0.80.0-0 0.99.0-2 JACK Audio Connection Kit (librari ii libreadline4 4.3-15 GNU readline and history libraries ii libsndfile1 1.0.10-2 Library for reading/writing audio -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
