Please review my package
Jonas Smedegaard
dr at jones.dk
Thu Jul 5 19:49:50 UTC 2012
On 12-07-05 at 08:36pm, wbrana wrote:
> > - - why are you setting setuid permissions in the postinst script?
> > this is a security hazard (and if you do it to gain realtime
> > priviliges, then it is no-longer needed and deprecated for a while, in
> > favour of pam_limits)
> According to http://linux.die.net/man/5/limits.conf
> it is possible to enable low niceness for all processes started by
> all/some user(s),
> but it isn't possible to limit it to mplayer_nice if started by any user
That doesn't change that it is a security hazard!
Don't run user apps as root!
Don't implement super-user features in user apps - implement it
separately, and make it optional to use it.
Here are some ways to handle realtime priviledges:
ulatencyd
linux-image-rt-* + rtirq-init
rtkit
libpam-cgroup
libpam-cap
jackd2 + /etc/security/limits.d/audio.conf
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20120705/e42bc68e/attachment-0001.pgp>
More information about the pkg-multimedia-maintainers
mailing list