[mythtv] [PATCH] security update for realtime priority
Matt Zimmerman
mdz at debian.org
Tue Nov 2 23:27:21 UTC 2004
On Tue, Nov 02, 2004 at 06:04:24PM -0500, Doug Larrick wrote:
> Matt Zimmerman wrote:
> >Won't this produce a lot of error messages if myth is not running as root?
> >We should continue to support that configuration.
>
> Actually, it doesn't. There's only one call that will fail as non-root,
> and I don't check its return status. The rest are
> allocating/deallocating memory, setting flags, and such -- anybody can
> do that.
Ah, OK. I see now.
Also, the setuid(getuid()) should be the first thing after setting the
capabilities. True, the privileged thread shouldn't actually do anything
until after the process has dropped its uid, but it's good practice to do it
as early as possible for safety with future code changes. This also avoids
any ambiguity with threads and uid changes.
--
- mdz
More information about the mythtv-dev
mailing list