Bug 299131

Summary: Pulseaudio daemon uses predictable file name in /tmp
Product: [Fedora] Fedora
Reporter: Lubomir Kundrak <lkundrak>
Component: pulseaudio
Assignee: Lennart Poettering <lpoetter>
Status: CLOSED UPSTREAM
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium
Version: 7
CC: jks, pierre-bugzilla
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2008-05-02 14:32:51 UTC

Description Lubomir Kundrak 2007-09-20 19:42:59 UTC
Description of problem:

Any local user1 can create /tmp/pulse-user2 to effectively prevent user2 from
starting the pulseaudio daemon (a local Denial of Service).

Additional info:

/tmp is _not_ the right place for user-specific information that is meant to be
persistent and shared between independent processes. See bug #219281 comment #4
for possible solutions. Apart from those, another solution is using
~/.pulse-hostname. With per-user /tmp, which we do not have in supported releases,
this problem will disappear.
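
The ownership check behind this report, as an added example (not PulseAudio's code and not part of the original report): a daemon that validates its per-user directory has to refuse one it does not own, which is why a predictable name in a world-writable /tmp gives another local user a way to block startup. The helper name `secure_user_dir` and the sample paths are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper, not PulseAudio code: create or validate a per-user
 * directory. Returns 0 if path is a real directory owned by uid with no
 * group/other access, -1 with errno set otherwise. */
int secure_user_dir(const char *path, uid_t uid)
{
    struct stat st;
    int fd, rc;

    /* mkdir() does not follow a symlink in the last component. EEXIST means
     * the name was taken first, possibly by another local user. */
    if (mkdir(path, 0700) < 0 && errno != EEXIST)
        return -1;

    /* Inspect the opened object, not the name, and refuse symlinks. */
    fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    rc = fstat(fd, &st);
    close(fd);
    if (rc < 0)
        return -1;
    if (st.st_uid != uid) { errno = EACCES; return -1; }  /* someone else's */
    if (st.st_mode & (S_IRWXG | S_IRWXO)) { errno = EPERM; return -1; }
    return 0;
}

int main(void)
{
    char base[] = "/tmp/dir-check-XXXXXX", dir[64];  /* constructed sample paths */
    if (!mkdtemp(base)) return 1;     /* random name, mode 0700: not guessable */
    snprintf(dir, sizeof dir, "%s/pulse-demo", base);
    printf("first start: %d\n", secure_user_dir(dir, getuid()));
    chmod(dir, 0777);                 /* stands in for a directory others control */
    printf("after chmod 0777: %d\n", secure_user_dir(dir, getuid()));
    return 0;
}
```

Refusing the directory is the safe outcome, but it is also the denial of service the report describes; the refusal only stops being attacker-triggerable when the parent directory is writable by the owning user alone.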

Comment 1 Lubomir Kundrak 2007-12-20 11:39:07 UTC
Ping ping.

Comment 2 Joseph Shraibman 2008-02-15 21:51:25 UTC
This is a problem when my kde session doesn't shut down properly and the old
/tmp/pulse-user directory doesn't get removed.  On my next login my sound isn't
working and I don't know why.

This is a problem for me on Fedora 8.

Comment 3 Lennart Poettering 2008-05-02 14:32:51 UTC
This bug has been fixed upstream in the "glitch-free" branch, which will soonishly
become trunk.