Darren J Moffat wrote:
> Garrett D'Amore wrote:
>> The process arguments are not interpreted, only passed back out to a
>> mixer panel application so that the end user who wants to adjust the
>> volume associated with a specific application can do so from a common
>> mixer application.
>
> There needs to be a zone check in here so that you don't pass the
> names of commands running in one zone to a mixer running in another.
>
Are we concerned about data leakage here? (I.e. user in trusted zone A
uses this API to pass private information into untrusted zone B?)

Wouldn't a far bigger risk exist simply by using the audio *data path*
to pass data? Since the audio file is generally associated with *real*
hardware, I'd think it would be a really bad idea to make it available
in a zone with a different security label than the global zone. One
could imagine a *lower* security zone having *playback only* (it can
play alert messages for example), but it should probably *never* have
access to the hardware settings, and should probably *never* have access
to record facilities.

Does audio even work properly across zones today? I'm pretty sure it
doesn't work in xVM domU, but I've not tried zones.

I might need to have a separate chat with some security gurus about the
security implications of non-global zones, and what, if anything, we
should do about them.

-- Garrett