audio permissions quandary

Gregory Nowak greg at romuald.net.eu.org
Mon Oct 8 00:51:44 EDT 2007


Hi all.

I want to do something simple: I want to have my local mail delivery
software, maildrop, play a sound, depending on who a particular mail
message arrives from. Simple, right? Well, not really, as I'll describe
below.

Maildrop runs suid root, -rwsr-xr-x 1 root daemon 162208 May 18 01:35
maildrop, which its author says is safe, and in fact encouraged for
a couple of reasons, since maildrop takes on the uid/gid of the user whose
mailbox it's delivering mail to. I have verified this, by writing up a
small program that outputs the uid, gid, effective uid, and effective
gid, and I ran this program inside my $HOME/.mailfilter, and it does
get run as user greg, and group greg, effective and otherwise.

So, coming back to what I want to do, I have in my $HOME/.mailfilter
several if statements, each of which invokes aplay to play a specific
sound file. When user greg, who has access to the audio group, runs
aplay from the shell prompt, everything works as expected. However,
when aplay gets run by maildrop, I get no sound, and the below
message:

ALSA lib confmisc.c:769:(parse_card) cannot find card ''
ALSA lib conf.c:3510:(_snd_config_evaluate) function snd_func_card_driver returned error: No such device
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib conf.c:3510:(_snd_config_evaluate) function snd_func_concat returned error: No such device
ALSA lib confmisc.c:1251:(snd_func_refer) error evaluating name
ALSA lib conf.c:3510:(_snd_config_evaluate) function snd_func_refer returned error: No such device
ALSA lib conf.c:3982:(snd_config_expand) Evaluate error: No such device
ALSA lib pcm.c:2144:(snd_pcm_open_noupdate) Unknown PCM default
aplay: main:545: audio open error: No such device

Although user greg has access to the audio group, it seems that
maildrop, and any other programs that get invoked from it, run only as
user greg, group greg. What it boils down to is that aplay doesn't
have access to the audio hardware, when it is run by maildrop. I have
thought of a couple solutions for this, but don't like what I've come
up with so far.

1. Make aplay run suid root, which actually does work, in terms of
playing audio when aplay is run by maildrop. However, this approach is
problematic. At best, anyone with an account on this system can decide
to annoy me by playing stuff via aplay on the system. This activity
would piss me off sooner or later (probably sooner), resulting in
the suspension of the culprit's account. At worst, someone can
exploit a future security hole in aplay, and gain access on the
system as root.

2. Another solution is to make the audio hardware writable to everyone
on the system. While this would solve the problem of future possible
security holes in aplay, it would still mean that anybody with an
account here could be obnoxious, with a wider range of audio players
to use besides.

I've also tried copying aplay to greg's $HOME/bin directory, and
making that copy suid root, but that gives me the same error message as
above, when run by maildrop. I suppose I could make greg own the audio
hardware exclusively, but then what about programs like espeak for
example, or other users who might need audio access on this system in
the future for some reason? Any ideas on securely working around this
problem, thus allowing aplay to access the audio hardware when run by
maildrop, would be much appreciated, and thanks in advance as always.

Greg


-- 
web site: http://www.romuald.net.eu.org
gpg public key: http://www.romuald.net.eu.org/pubkey.asc
skype: gregn1
(authorization required, add me to your contacts list first)

--
Free domains: http://www.eu.org/ or mail dns-manager at EU.org
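The test program described in the post reports uid, gid, effective uid and effective gid; supplementary groups, which is how an account normally holds a group such as audio, are a separate list that those four values do not show. The following is an added example, not part of the original post: a diagnostic that also checks the supplementary list. The helper names are hypothetical, and the default group name "audio" is taken from the post.

```c
/* Added diagnostic (not from the original post): report the identity a
 * process really holds, including supplementary groups, which uid/gid and
 * euid/egid alone do not show. Helper names are hypothetical. */
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Fetch the supplementary group list; returns the count, or -1 on error.
 * The caller frees *out. */
int collect_groups(gid_t **out)
{
    int n = getgroups(0, NULL);              /* size query only */
    if (n < 0)
        return -1;
    *out = calloc((size_t)n + 1, sizeof(gid_t));
    if (*out == NULL)
        return -1;
    n = getgroups(n, *out);
    if (n < 0) { free(*out); *out = NULL; }
    return n;
}

/* 1 if gid is the effective gid or a supplementary group, 0 if not, -1 on error. */
int process_has_gid(gid_t gid)
{
    gid_t *list = NULL;
    int i, found = (gid == getegid());
    int n = collect_groups(&list);
    if (n < 0)
        return -1;
    for (i = 0; i < n && !found; i++)
        found = (list[i] == gid);
    free(list);
    return found;
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "audio";   /* group named in the post */
    struct group *gr = getgrnam(name);
    printf("uid=%d gid=%d euid=%d egid=%d\n", (int)getuid(), (int)getgid(),
           (int)geteuid(), (int)getegid());
    if (gr == NULL) { printf("group %s: not in group database\n", name); return 2; }
    int has = process_has_gid(gr->gr_gid);
    printf("group %s (gid %d): %s\n", name, (int)gr->gr_gid,
           has == 1 ? "held by this process" : "NOT held by this process");
    return has == 1 ? 0 : 1;
}
```

Running it once from a login shell and once from $HOME/.mailfilter, then comparing the two reports, shows whether the delivery process holds the group at all.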



