What is more secure, apulse or PipeWire?

[adrelanos]

For attack surface reduction, security hardening... What is more secure, apulse or PipeWire?

[paulmenzel]

I think, you need to be more specific about the threat model.

[adrelanos]

Thank you for asking!

A) The "simple" "threat model": Applications processing untrusted input (such as web browser, media players) getting exploited due to some specifically crafted audio with the intent to accomplish remote code execution. For example -> web browser -> video -> remote code execution. Or another example: download video -> vlc -> local code execution.

B) The "advanced" "threat model": Local privilege escalation. Already locally running malware attacking apulse / PipeWire to gain additional privileges, most interestingly root rights.