[PlanetCCRMA] the jack permissions conundrum revisited

Jeff Sandys jpsandys at gmail.com
Thu Jul 22 12:03:32 PDT 2010

I am trying to understand this jack permissions conundrum.  You stated:

> - Fedora jack1 packages allows users access to realtime
> scheduling and memory locking only if the user belongs
> to a particular group (jackuser?).

I am not sure this is true.  When I load jack into fedora 13 from
fedora repositories, jackd is in group root and all users have
execution privileges.

>From what I can tell on UbuntuStudio all users can run jack with
realtime without any special groups.

What is the security threat of this configuration, is it an esoteric
problem that no one has figured out how to exploit, or does it open a
vulnerability that we should really worry about?

Does running jack in realtime depend on the RT kernel patch or do you
have the same security issues with the vanilla kernel?

If it is just a matter of creating a jackuser group and changing
jackd's group wouldn't it be easier to just create an instruction
sheet or small script for those who are concerned instead of creating
two versions of jack?

Thanks for your consideration,
-- Jeff

More information about the PlanetCCRMA mailing list