[vorbis-dev] ogg123, Chrismas release

Cherniavsky Beni cben at crosswinds.net
Tue Dec 26 02:46:38 PST 2000

Gregory Maxwell wrote:
> On Tue, Dec 26, 2000 at 12:26:03AM +0100, Segher Boessenkool wrote:
> > You would have to audit all of Vorbis itself as well. If people want
> > to make ogg123 suid (to give world/group access to the playing Ogg on
> > the audio device), maybe they should just make the audio device world/
> > group writeable? Are there any _re`l_ problems with that?
> Only when you give your friend shell accounts on your systems. :)

The same for suid ogg123 - your friend can run it with any garbage
input/whatever he wants (if he is _that_ nasty, he would bother to
encode some noise :-).

Anyway, a better solution is to make the audio device group writable
and make the ogg123 suid to a user in that group.

> Making them world readable is less advisable.
> :)

Beni Cherniavsky <cben at crosswinds.net>
                 (also scben at t2,cben at tx in Technion)

  No, No! You're not thinking; you're just being logical.
                                             - Niels Bohr

--- >8 ----
List archives:  http://www.xiph.org/archives/
Ogg project homepage: http://www.xiph.org/ogg/
To unsubscribe from this list, send a message to 'vorbis-dev-request at xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.

More information about the Vorbis-dev mailing list