Closed FieryBinary closed 2 years ago
https://www.freedesktop.org/wiki/Software/PulseAudio/Documentation/Developer/AccessControl/
PulseAudio was not written with security in mind; it runs almost unrestricted in user context, and any app can snoop on another application's audio.
https://madaidans-insecurities.github.io/guides/linux-hardening.html#pulseaudio
PulseAudio is a common sound server, but it was not written with isolation or sandboxing in mind, making it a recurring sandbox escape vulnerability. To prevent this, it is recommended to block access to PulseAudio from within your sandbox or uninstall it from your system entirely. You can use the standard ALSA utilities or PipeWire instead.
You already mentioned how PulseAudio is insecure, and to use standard ALSA utilities instead. However, that might not be feasible for many users.
What do you think of PipeWire? It's written with security in mind, and it works well out-of-the-box. It's still early in development.
Website: https://pipewire.org/