[mythtv] mythvideo DB enhancement
Daniel Kristjansson
danielk at cuymedia.net
Wed Jan 9 21:06:42 UTC 2008
On Wed, 2008-01-09 at 15:46 -0500, Chris Pinkham wrote:
> I don't remember, but think that the current filetransfer code would
> probably allow grabbing a file from a subdirectory if you issue the
> filetransfer request in subdirectroy/filename.png format. I don't
> think I put any particular code in the StorageGroup's FindRecording*()
> methods that would prohibit and I don't remember any in MainServer's
> filetransfer code. I think the issue we had was with allowing the
> filetransfer code to transfer _any_ readable file. If a user points
> a SG at /etc/ and allows someone to snag their /etc/passwd and
> /etc/shadow files because they are running mythbackend as root, then
> that is their problem. :) I don't see any reason to not let the
> filetransfer stuff send files in the subdirectory/filename format.
You would have to check for "//", "..", and symlinks in the path. You
can't realistically check for hardlinks; but neither MythTV, nor any
of the contrib scripts, create hardlinks.
-- Daniel
More information about the mythtv-dev
mailing list