[Bug 17417] Define a security model for requesting access to the MIDIAccess interface from bugzilla@jessica.w3.org on 2012-12-14 (public-audio@w3.org from October to December 2012)

From: <bugzilla@jessica.w3.org>
Date: Fri, 14 Dec 2012 15:09:20 +0000
To: public-audio@w3.org
Message-ID: <bug-17417-5429-zzcTzmSzfI@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=17417

Florian Bomers <w3c_bugz@bome.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |w3c_bugz@bome.com

--- Comment #8 from Florian Bomers <w3c_bugz@bome.com> ---
I've always had second thoughts about the fact that MIDI access wasn't governed
by a security manager in Java. After all, an exploit is not impossible: with
MIDI, we're often communicating directly with kernel drivers, and there are
many BAD drivers around. At least a denial of service attack seems possible,
provided that you find a corresponding bug.

Also, MIDI can be used with virtual ports to communicate outside any sandbox.
E.g. http://audiob.us/ on iOS, which started off by using a virtual MIDI port
to transport audio data from app to app in real time (something which is
normally not possible due to the sandbox). However, Apple seems to allow this.

Do audio streams require an explicit acknowledgement of the user?

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Friday, 14 December 2012 15:09:23 UTC