Tried Pulse Audio Again--No Good For A11y
Lennart Poettering
mzerqung at 0pointer.de
Tue Sep 23 13:05:29 UTC 2008
On Mon, 22.09.08 22:07, Les Mikesell (lesmikesell at gmail.com) wrote:
>
> Lennart Poettering wrote:
>> To suspend audio for inactive sessions and only allow audio for active
>> sessions fixes a big security hole.
>
> But it sucks if you are playing music for the room and someone else wants
> to check their email.
Yes, I know that some people don't like that behaviour. We had this
discussion already. I already put it on my TODO list months ago. We
can end this discussion here and now.
>> And it's not just we who fixed
>> this hole like this. Apple for example does it too. And usually Apple
>> is the gold standard of user-friendliness, right?
>
> No, it sucks just as much when itunes does it. You expect that kind of
> stuff from Apple who only has a short history of multi-user machines and
> who would really rather sell you an apple tv or ipod with dock that you can
> dedicate to driving your speakers, though. Linux has always been multi-user
> and doesn't have any such excuses for arbitrarily disconnecting
> devices.
"arbitrarily"?
Oh man. Claiming that things are right because Linux always did it
this way is not very convincing. You never noticed that quite a few
things in Linux haven't been all that shiny right from day 0? Some
things got fixed by now, and this is just another instance.
>> Allowing multiple different users audio device access at the same is a
>> security nightmare. It has been with ALSA dmix. And it is even more so
>> in PA.
>
> Doesn't the kernel have a mechanism for exclusive locks on devices if
> someone wants to have exclusive access? It's not all that difficult to
> eavesdrop on music playing loudly anyway...
Access to audio devices (both OSS and ALSA) is exclusive by default anyway.
>> Far down on my todo list is adding some kind of handover logic between
>> multiple PA instances, so that we can add fading of audio when we
>> switch sessions. This would also allow us to continue playback from
>> inactive sessions if the now active user is OK with that. But this is
>> complex, security-sensitive and not a priority. So don't expect any
>> quick results.
>
> What's the right way to set up a media player service that isn't attached
> to anyone's session?
You can bypass PA if you wish. Or run a specific tailored PA
instance for it. It's up to you.
Lennart
--
Lennart Poettering Red Hat, Inc.
lennart [at] poettering [dot] net ICQ# 11060553
http://0pointer.net/lennart/ GnuPG 0x1A015CC4
More information about the fedora-devel-list
mailing list