ubuntu-sdk-bugs team mailing list archive

[Jamie Strandboge <jamie@xxxxxxxxxx>]

Public bug reported:

13:28 < jdstrand> jhodapp: ok, so, unless there are implementation flaws (which are just bugs that we can fix later on), a malicious app with access to /android/micshm can't do anything to DoS the service or to record in the background, correct?
13:29 < jhodapp> jdstrand: correct, because there technically would be a reader on the Android side always open, but it won't be doing any reads unless triggered by kicking off the recording process
13:34 < jdstrand> jhodapp: could a malicious app could in theory interfere with an app that is already recording?
13:35 < jhodapp> jdstrand: in theory yes...I need to see if I could have the active reader/writer pair open the named pipe exclusively
13:36 < jhodapp> jdstrand: so that only one writer is allowed
13:49 < jdstrand> jhodapp: I think that would be a reasonable security improvement. I won't block adding the rule to policy though. pulseaudio itself isn't particularly great on this point aiui, and it too will need to be hardened
13:49 < jhodapp> jdstrand: indeed...exclusive pipe access would actually be an improvement over how AudioFlinger does it...I'm pretty sure it's using an unprotected pipe

** Affects: qtubuntu-camera (Ubuntu)
     Importance: Undecided
     Assignee: Jim Hodapp (jhodapp)
         Status: New


** Tags: rtm14

-- 
You received this bug notification because you are a member of Ubuntu
SDK bug tracking, which is subscribed to qtubuntu-camera in Ubuntu.
https://bugs.launchpad.net/bugs/1340345

Title:
  please use exclusive pipe access for /android/micshm

Status in “qtubuntu-camera” package in Ubuntu:
  New

Bug description:
  13:28 < jdstrand> jhodapp: ok, so, unless there are implementation flaws (which are just bugs that we can fix later on), a malicious app with access to /android/micshm can't do anything to DoS the service or to record in the background, correct?
  13:29 < jhodapp> jdstrand: correct, because there technically would be a reader on the Android side always open, but it won't be doing any reads unless triggered by kicking off the recording process
  13:34 < jdstrand> jhodapp: could a malicious app could in theory interfere with an app that is already recording?
  13:35 < jhodapp> jdstrand: in theory yes...I need to see if I could have the active reader/writer pair open the named pipe exclusively
  13:36 < jhodapp> jdstrand: so that only one writer is allowed
  13:49 < jdstrand> jhodapp: I think that would be a reasonable security improvement. I won't block adding the rule to policy though. pulseaudio itself isn't particularly great on this point aiui, and it too will need to be hardened
  13:49 < jhodapp> jdstrand: indeed...exclusive pipe access would actually be an improvement over how AudioFlinger does it...I'm pretty sure it's using an unprotected pipe

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qtubuntu-camera/+bug/1340345/+subscriptions