[vorbis-dev] ogg123, Chrismas release

Segher Boessenkool segher at wanadoo.nl
Tue Dec 26 16:30:19 PST 2000



> Anyway, a better solution is to make the audio device group writable
> and make the ogg123 suid to a user in that group.

No need to make the executable sgid if the user is already in the
group. It is the admin's decision, of course, but it would be
futile to even _try_ to audit ogg123, as all of the libraries
it depends on would have to be audited as well. Pretty big job
to do; although it would be useful to audit the Vorbis library,
as there still exist places where overruns or non-initialasations
can occur, if you feed it a bad stream (no default cases on
some switches, sometimes not enough input checking). This is
pretty minor on normal use, but would be a killer if you suid the
executable.

Cheers,

Segher

--- >8 ----
List archives:  http://www.xiph.org/archives/
Ogg project homepage: http://www.xiph.org/ogg/
To unsubscribe from this list, send a message to 'vorbis-dev-request at xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.



More information about the Vorbis-dev mailing list