ratchov@ modified sys/dev/audio.c: Add a "record.enable" mixer knob to control recording. When recording is disabled, the device records silence. The control may be modified only by root and defaults to "off", ie. recording is disabled by default. ok florian, deraadt
Nice fail-safe, but makes it so useful stuff gratuitously requires root. Why not a separate device node for recording with its own perms, or just honoring r/w perms correctly??
-
-
OpenBSD uses libsndio/sndiod (audio server), for applications nothing changes except now they record silence by default. It can only be enabled manually via mixerctl, or by creating a /etc/mixerctl.conf file.
-
But it sounds like fs/user permissions can't be used to control access... At least not without some daemon emulating them in userspace.
-
There were a lot of private discussions leading up to this particular design, for OpenBSD libsndio is considered the low level API for sound and not the kernel audio(4) interface, this is very different from say ALSA. Applications never directly open the audio device.
-
Right. Linux has lots of bad security models too that throw away permission system in favor of complex userspace policy (dbus, polkit, pulseaudio, etc.)
-
If a daemon is used, it literally should just use permissions on unix socket paths for access control.
-
Again I'm not too familiar, but I believe it's more complicated then that. sndiod(8) is privsep on OpenBSD, and runs under separate users (_sndio/_sndiop). It uses a cookie for access control. http://man.openbsd.org/sndio#AUTHENTICATION …
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.