[mythtv] 0.16's up on the website.
Matt Zimmerman
mdz at debian.org
Sun Sep 12 21:51:20 EDT 2004
On Sun, Sep 12, 2004 at 07:35:48PM -0400, Doug Larrick wrote:
> Maybe this was on the list already and I missed it... but as the guy who
> wrote the code that runs as root... what security issues are you talking
> about?
I mentioned it on IRC briefly...there are a couple of problems:
1. mythfrontend executes a number of unsafe or risky actions, such as
opening the log file, initializing MythContext, etc. while still holding
root privileges. It should drop root privileges as early as possible.
2. It is fundamentally insecure to have two threads in the same process
running with different effective uids. They share memory, and one thread
can influence another in direct ways to cause arbitrary code to be executed
with the uid of another thread. In particular, I'm fairly sure that the
unprivileged user can still ptrace the unprivileged thread, and thereby gain
access to the memory of the privileged thread.
The right way to do it would be to use POSIX capabilities: when the process
starts, acquire the capability CAP_SYS_NICE, then relinquish root privileges
(retaining the ability to use setpriority() when needed).
--
- mdz
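The privilege-drop sequence mdz describes (acquire CAP_SYS_NICE, give up root before anything else happens, keep only setpriority() working) as an added example in C. This is illustration code, not MythTV's mythfrontend code and not anything the thread posted; it assumes Linux, the raw capset(2) syscall instead of libcap so it needs only glibc and kernel headers, a hypothetical target of uid/gid 65534 ("nobody"), and the helper names drop_root_keep_nice, restrict_caps_to_nice, set_own_nice and cap_bit are mine.

```c
/* Added example (not MythTV code): drop root as early as possible while
 * keeping only CAP_SYS_NICE, so setpriority() still works for the
 * now-unprivileged process. Linux-specific; uses the raw capset(2) syscall
 * instead of libcap so it builds with nothing but glibc and kernel headers. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>

/* Position of one capability within the 32-bit words passed to capset(2). */
unsigned int cap_bit(int cap)
{
    return 1u << (cap % 32);
}

/* Replace the current permitted and effective sets with {CAP_SYS_NICE} and
 * clear the inheritable set. This only shrinks the permitted set, so it needs
 * no CAP_SETPCAP. Returns 0 or a negative errno. */
static int restrict_caps_to_nice(void)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];

    memset(data, 0, sizeof data);
    data[CAP_SYS_NICE / 32].permitted = cap_bit(CAP_SYS_NICE);
    data[CAP_SYS_NICE / 32].effective = cap_bit(CAP_SYS_NICE);
    if (syscall(SYS_capset, &hdr, data) != 0)
        return -errno;
    return 0;
}

/* Switch to uid/gid (hypothetical target: 65534, "nobody") before opening
 * logs, loading config or starting any threads. Returns 0 on success, 1 when
 * the process did not start as root (nothing to drop), or a negative errno. */
int drop_root_keep_nice(uid_t uid, gid_t gid)
{
    int rc;

    if (geteuid() != 0)
        return 1;
    /* Without KEEPCAPS the kernel empties the permitted set on the 0 -> non-0
     * uid change; with it, permitted survives but effective is still cleared. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0)
        return -errno;
    /* Groups and gid first: once the uid is non-root, setgid would fail. */
    if (setgroups(0, NULL) != 0 || setresgid(gid, gid, gid) != 0)
        return -errno;
    if (setresuid(uid, uid, uid) != 0)
        return -errno;
    if ((rc = restrict_caps_to_nice()) != 0)
        return rc;
    prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0);
    /* The check a reviewer asks for: root must be unrecoverable from here. */
    if (setuid(0) == 0)
        return -EPERM;
    return 0;
}

/* Apply a nice value to the calling process. Raising the nice value (lower
 * priority) is allowed for any user; lowering it below the current value
 * needs CAP_SYS_NICE, which is exactly what the drop above retained.
 * Returns the nice value now in effect, or a negative errno. */
int set_own_nice(int nice_value)
{
    int cur;

    if (setpriority(PRIO_PROCESS, 0, nice_value) != 0)
        return -errno;
    errno = 0;
    cur = getpriority(PRIO_PROCESS, 0);   /* -1 is a valid nice value, so check errno */
    if (cur == -1 && errno != 0)
        return -errno;
    return cur;
}

int main(void)
{
    int rc = drop_root_keep_nice(65534, 65534);
    if (rc < 0) {
        fprintf(stderr, "privilege drop failed: %s\n", strerror(-rc));
        return 1;
    }
    printf("running as uid %d (%s)\n", (int)geteuid(),
           rc == 0 ? "dropped from root, CAP_SYS_NICE kept" : "never had root");

    /* A negative nice value only succeeds if CAP_SYS_NICE survived the drop. */
    rc = set_own_nice(-5);
    printf("setpriority(-5): %s\n", rc < 0 ? strerror(-rc) : "ok");
    return 0;
}
```

Run it as root and the second line reports "ok" even though geteuid() is now 65534; run it as an ordinary user and drop_root_keep_nice() returns 1 and setpriority(-5) fails with EACCES, which is the behaviour you want from a frontend that was not installed setuid. The order matters: the capability restriction has to come after the uid change (the kernel clears the effective set on that change regardless), and the setuid(0) probe at the end is cheap insurance against a saved uid that was left at 0.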