Bug 299131 - Pulseaudio daemon uses predictable file name in /tmp
Pulseaudio daemon uses predictable file name in /tmp
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: pulseaudio (Show other bugs)
7
All Linux
medium Severity medium
: ---
: ---
Assigned To: Lennart Poettering
Fedora Extras Quality Assurance
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-09-20 15:42 EDT by Lubomir Kundrak
Modified: 2008-05-02 10:32 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-02 10:32:51 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Lubomir Kundrak 2007-09-20 15:42:59 EDT
Description of problem:

Any local user1 can create /tmp/pulse-user2 to effectively prevent user2 from
starting pulseaudio daemon (a local Denial of Service).

Additional info:

/tmp is _not_ the right place for user-specific information that is mean to be
persistent and shared between independent processes. See bug #219281 comment #4
for possible solutions. Apart from those, another solution is using
~/.pulse-hostname. With per-user /tmp which we do not have in supported releases
this problem will disappear.
Comment 1 Lubomir Kundrak 2007-12-20 06:39:07 EST
Ping ping.
Comment 2 Joseph Shraibman 2008-02-15 16:51:25 EST
This is a problem when my kde session doesn't shut down properly and the old
/tmp/pulse-user directory doesn't get removed.  On my next login my sound isn't
working and I don't know why.

This is a problem for me on Fedora 8.
Comment 3 Lennart Poettering 2008-05-02 10:32:51 EDT
This bug has been fixed upstream in the "glitch-free" branch will soonishly
become trunk.

Note You need to log in before you can comment on or make changes to this bug.