Lists

Open Menu Close Menu

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Re: CoreMIDI and sudo ...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CoreMIDI and sudo ...

Subject: Re: CoreMIDI and sudo ...
From: Doug Wyatt <email@hidden>
Date: Tue, 24 Sep 2002 14:33:27 -0700

On Monday, Sep 23, 2002, at 18:46 US/Pacific, John Lazzaro wrote:

Doug Wyatt <email@hidden> writes:

I'd be glad to consider suggestions for how to improve this behavior
without creating security issues.

One possible fix, I vaguely recall one of the setuid()-related
calls lets a process drop its effective UID privileges and take on its
actual UID privileges. If a CoreMIDIServer checked its effective and
real UIDs on takeoff, discovered the sudo case, and dropped root
permanently, does this make the Mach ports visible to new processes
with the actual UID?

Maybe. I'll have to do some reading as I investigate this and Herbie's suggestions.

I assume the more general solution (a single CoreMIDIServer daemon
that launches on system startup, and manages the MIDI hardware for
all processes from all users) was considered and rejected early on.

Yes, it's important to us to allocate system resources on an as-needed basis.

Thanks!

Doug

--
Doug Wyatt
work: email@hidden (CoreAudio)
personal: email@hidden http://www.sonosphere.com
_______________________________________________
coreaudio-api mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/coreaudio-api
Do not post admin requests to the list. They will be ignored.

References:
	>Re: CoreMIDI and sudo ... (From: John Lazzaro <email@hidden>)

Prev by Date: Re: Discussion [MIDI USB X-Files Episode]
Next by Date: Re: Discussion [MIDI USB X-Files Episode]
Previous by thread: Re: CoreMIDI and sudo ...
Next by thread: Re: coreaudio-api digest, Vol 2 #239 - 3 msgs
Index(es):
- Date
- Thread