Bug 299131 - Pulseaudio daemon uses predictable file name in /tmp
Summary: Pulseaudio daemon uses predictable file name in /tmp
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: pulseaudio
Version: 7
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Lennart Poettering
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-09-20 19:42 UTC by Lubomir Kundrak
Modified: 2008-05-02 14:32 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2008-05-02 14:32:51 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Lubomir Kundrak 2007-09-20 19:42:59 UTC
Description of problem:

Any local user1 can create /tmp/pulse-user2 to effectively prevent user2 from
starting pulseaudio daemon (a local Denial of Service).

Additional info:

/tmp is _not_ the right place for user-specific information that is mean to be
persistent and shared between independent processes. See bug #219281 comment #4
for possible solutions. Apart from those, another solution is using
~/.pulse-hostname. With per-user /tmp which we do not have in supported releases
this problem will disappear.

Comment 1 Lubomir Kundrak 2007-12-20 11:39:07 UTC
Ping ping.

Comment 2 Joseph Shraibman 2008-02-15 21:51:25 UTC
This is a problem when my kde session doesn't shut down properly and the old
/tmp/pulse-user directory doesn't get removed.  On my next login my sound isn't
working and I don't know why.

This is a problem for me on Fedora 8.

Comment 3 Lennart Poettering 2008-05-02 14:32:51 UTC
This bug has been fixed upstream in the "glitch-free" branch will soonishly
become trunk.


Note You need to log in before you can comment on or make changes to this bug.