Yes, my account is. It's doing the decoding, not the pipewire account. It's not a cross-account attack that I need to defend from.
Maybe I wasn't clear. I'm saying exactly one account has meaningful exposure to the outside world, and it's the only one with valuable files. Not none, but also not multiple. It's effectively single user from a security perspective.
> If you have no users for systemd or OpenRC processes somehow, then you're either running a very customised, or non-mainstream build.
It's a normal install of Linux Mint. Resolved and timesyncd are running under systemd users, there's also messagebus, polkitd, kernoops, syslog, avahi, libvirt-dnsmasq, rtkit, colord. And root of course. But pipewire is under my user, and I checked in /etc/passwd that there is no pipewire user or pulseaudio user or any synonym of the word "audio".
> In which case your user is in the video group, and a local escape hands over root without any extra effort required.
But I'm the only real user so if you have to go through my account to get root then root doesn't let you compromise anyone. Which is my point, that an exploit like this is far less meaningful on a system without multiple real accounts.