> Pipewire runs under the pipewire user, managed by systemd or OpenRC. Which mea...

shakna · 2025-06-24T08:04:13 1750752253

If you play sound, such as from a browser, or a file you didn't record yourself, then your account is talking to the outside world.

Dylan16807 · 2025-06-24T13:23:48 1750771428

Yes, my account is. It's doing the decoding, not the pipewire account. It's not a cross-account attack that I need to defend from.

Maybe I wasn't clear. I'm saying exactly one account has meaningful exposure to the outside world, and it's the only one with valuable files. Not none, but also not multiple. It's effectively single user from a security perspective.

shakna · 2025-06-25T06:28:21 1750832901

If you have no users for systemd or OpenRC processes somehow, then you're either running a very customised, or non-mainstream build.

In which case your user is in the video group, and a local escape hands over root without any extra effort required.

Dylan16807 · 2025-06-25T08:46:54 1750841214

> If you have no users for systemd or OpenRC processes somehow, then you're either running a very customised, or non-mainstream build.

It's a normal install of linux mint. Resolved and timesyncd are running under systemd users, there's also messagebus, polkitd, kernoops, syslog, avahi, libvirt-dnsmasq, rtkit, colord. And root of course. But pipewire is under my user, and I checked in /etc/passwd that there is no pipewire user or pulseaudio user or any synonym of the word "audio".

> In which case your user is in the video group, and a local escape hands over root without any extra effort required.

But I'm the only real user so if you have to go through my account to get root then root doesn't let you compromise anyone. Which is my point, that an exploit like this is far less meaningful on a system without multiple real accounts.

rob_c · 2025-06-25T11:05:35 1750849535

I'll save you the bother here, you were probably at risk </thread>