[Security] socket access granted to users outside auth-group

Placing the following in /etc/pulse/default.pa

load-module module-native-protocol-unix auth-group=pulseaudio socket=/tmp/pulseserver

and freshly logging in a user session, I find /tmp/pulseserver to have the following permissions:

srwxrwxrwx 1 user user 0 Sep 4 15:14 pulseserver

The socket is indeed accessible by everyone on the system! Group pulseaudio exists on my system, pulseaudio is started with default config, not in system mode (there is no error in the log file associated with socket creation).

This is a security issue, I expect pulseaudio to set the right permissions when creating a socket file! The following should be done:

1). The created socket should NEVER be rwx to the world, except in the case of auth-anonymous=1

2.) Socket creation should fail if pulseaudio fails to set the appropriate permissions

Tested with pulseaudio 12.0 on Debian sid, default configuration.

Edited Sep 04, 2018 by Esokrates

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

[Security] socket access granted to users outside auth-group