Logging

A very short section which just doesn't seem to belong anywhere else. Epos supports error logging via syslog (on systems where syslogd is running). At the moment, only (the most of) TTSCP completion codes together with the associated messages can be logged; this includes all abnormal server termination states (except for a plain old fatal signal). If syslog should be available (the syslog.h header file is present), but isn't, the error messages are logged directly to the system console. If the syslog facility is being missed at compilation time, Epos opens a file called hackfile in the current directory whatever it may be and writes some debugging information there instead. The syslog message levels are set according to the table. In all cases, Epos messages are logged with the syslog message levels See also the which may change this behavior for possibly security-related errors, but not network errors. Any debugging output together with error messages etc. is also often logged to /var/log/epos as specified with the Security

This section just summarizes security features of Epos documented elsewhere to assist the administrator in setting up a multi-user installation of Epos, especially in a UNIX-like environment. Epos can be compiled in two ways; either as a simple monolithic binary or as a Text-to-Speech Control Protocol server. For technical reasons (especially the latency), it is strongly recommended to choose the latter method for most situations. TTSCP-related issues Authentication

TTSCP as such includes support for user name and plain text password based authentication. At the moment, Epos doesn't implement any name space for this authentication mechanism, except for a randomly-generated server password. Thus, all connections are either completely anonymous, or authenticated at the "server" level (which can still be restricted from setting or reading specific options.) The server password is stored in /var/run/epos.pwd. Any process with rights sufficient to read this file is able to authenticate as the server over TTSCP. For debugging purposes, it is also possible to force Epos to accept an additional server password with the TTSCP connection handles

In TTSCP, a control connection can issue commands that affect any other connection (e.g. interrupt a command in progress). To prevent malicious use, the handle necessary to refer to a connection is only available to the connection originator, and is generated at random. Consequently, privacy in TTSCP relies on the properties of the underlying network connection and on the length of the data connection handle. Each byte of handle length carries a perplexity of six bits; reasonable handle lengths (as controlled with the restr.ini file

Many TTSCP options are rarely set over TTSCP, and some of them could be used for malicious ends. In these cases, the administrator may restrict their use in the . Note especially that unlisted options can be set freely, and the default Access to the local sound card

At the moment, any TTSCP client is capable of writing arbitrary waveform data to the local soundcard. If you consider this a security risk, disable the Access to the local file system

TTSCP in theory offers file system based input and output modules. For example, that allows the client to write some intermittent product to a server-side file and then the client may decide to use it repeatedly as an input to multiple streams. However, the name space for the files doesn't have to correspond to the file system root of the TTSCP server. With Epos, you can configure the location of the TTSCP name space using the . Furthermore, writing to it is disabled by default; this restriction can be overridden by setting the -- Privileged executables

It is not recommended to run Epos as a setuid or setgid binary, not because of a known security weakness, but because of the possibility of yet unknown bugs. If necessary, Epos should run setgid to a group with minimal privileges. Note also that the local_only option

By default, the TTSCP server only binds to the loopback interface. That way, only local users can see and use Epos. Turn off the