Re: orbit-name-server and esd

From: "Yo 'Ric Dude" <ericmit ix netcom com>
To: "Brandon S. Allbery" <allbery ece cmu edu>
CC: Andrew Clausen <clausen alphalink com au>, raster redhat com, gnome-list <gnome-list gnome org>
Subject: Re: orbit-name-server and esd
Date: Tue, 24 Nov 1998 08:20:27 +0000

"Brandon S. Allbery" wrote:
> 
> In message <3659BABB.F00E0197@alphalink.com.au>, Andrew Clausen writes:
> +-----
> | raster@redhat.com wrote:
> | [snip general discussion of proper esd usage policies
> +--->8
> 
> I'm doing it in the [gx]dm configuration, along with the chown of the console,
> etc.  This is preferable to trying to insure that the user session does it;
> otherwise you're looking at a potential denial of service by a malicious user.
>  (Granting that no sound isn't that serious a DoS, but the concept applies and
> one should be used to thinking in that fashion.)


The proper place for this (for xdm users) is in the 
GiveConsole and TakeConsole scripts.  There is a 
semblance of an esound FAQ out there somewhere that 
has (at least some of) this information in it. 
This is what I do:


in /etc/rc.d/init.d/sound (case start):
-------------------------
/usr/bin/esd &


in /etc/X11/xdm/GiveConsole:
---------------------------
# reset ownership of server
killall -HUP esd ; # or use a saved pid file somewhere...

# set ownership of server to $USER, and lock out foreign clients
su -c "/path/to/esdctl lock" $USER


in /etc/X11/xdm/TakeConsole:
---------------------------
# reset ownership of server
killall -HUP esd; # or use a saved pid file somewhere...

# set ownership of server to root, and lock out foreign clients
/path/to/esdctl lock


NOTE: there is a potential race condition here, as it is 
possible for someone to constantly poll the esd port, 
trying to gain a connection.  A loop may be set up to 
confirm that the esdctl lock actually works, but is left
as an exercise to the user. =)


P.S. Does gdm have corresponding scripts?

> --
> brandon s. allbery      [os/2][linux][solaris][japh]     allbery@kf8nh.apk.net
> system administrator         [WAY too many hats]           allbery@ece.cmu.edu
> electrical and computer engineering
> carnegie mellon university                         (bsa@kf8nh is still valid.)

-- ebm
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+
|  __                         a.k.a. Eric B. Mitchell |
|  |_) .  _  _|      _|  _     ericmit@ix.netcom.com  |
|  | \ ( (_ (_| (_| (_| (/_   www.netcom.com/~ericmit |
| How's My Programming?   Call:  1 - 800 - DEV - NULL |
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+

Follow-Ups:
- Re: orbit-name-server and esd
  - From: Brandon S. Allbery
- Re: orbit-name-server and esd
  - From: Robert Bihlmeyer

References:
- Re: orbit-name-server and esd
  - From: Brandon S. Allbery

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]