[mythtv-users] Running as root
chris at cpr.homelinux.net
Fri Sep 29 07:07:14 UTC 2006
On Fri, Sep 29, 2006 at 12:12:03PM +1000, Phill Edwards wrote:
> > 4. Does setting the "sticky bit" (with a chmod +s) allow mythfrontend and
> > mythbackend to attain root privileges whenever they want? And, if so, do
> > these programs know when to do this?
>
> That means they run as root no matter which user invoked them. So when
> they run they will always be running as root. You shouldn't need to
> set the sticky bit for mythbackend as it gets started from init as
> root.

Technical nit #1: Setting the "SUID bit" (not the "sticky bit",
which is an entirely different concept) means that a program will
be launched with an "effective user id" that is the same as the
file owner. It doesn't mean the program will run as root unless
the file is actually owned by root. If user "foo" has a program
with the SUID bit set and user "bar" runs the program then it will
run with all of the normal privileges of user "foo".

Technical nit #2: Just because a program has the SUID bit set
doesn't mean it will *always* run as the file owner. Most
applications that use SUID do so in order to open a file or device
which is not available to the general public or to have the ability
to setpriority() to a restricted value. Once that file is open or
the priority has been adjusted there is no longer any need to be
running as that user, so the program does a setuid(getuid()) call
in order to change the effective user ID of the process to be the
same as the person who is actually running the program. A
security-conscious programmer will have that setuid(getuid()) call
as early in the program execution chain as possible, and preferably
before accepting any user input which could result in a buffer
overflow attack.
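
The open-then-drop pattern described above, as an added example that is not part of the original message. It uses setreuid()/setregid() in place of setuid(getuid()) because on Linux, when the SUID owner is not root, setuid() changes only the effective user ID and leaves the saved set-user-ID available to switch back to. The function names are hypothetical and "/dev/null" stands in for the restricted device.

```c
#define _XOPEN_SOURCE 700   /* for setreuid()/setregid() */
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up the SUID/SGID identity. Returns 0 on success, -1 on failure. */
int drop_privileges(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: once the uid is dropped we may lack the right to change gid. */
    if (setregid(rgid, rgid) != 0) return -1;
    /* On Linux this also resets the saved set-user-ID to the invoking user. */
    if (setreuid(ruid, ruid) != 0) return -1;

    if (geteuid() != ruid || getegid() != rgid) return -1;

    /* Unless root invoked us, the old identity must now be unreachable. */
    if (ruid != 0) {
        if (old_euid != ruid && seteuid(old_euid) == 0) return -1;
        if (old_egid != rgid && setegid(old_egid) == 0) return -1;
    }
    return 0;
}

/* Open the restricted resource while privileged, then drop before any
 * user-controlled input is parsed. Returns the fd, or -1 on any failure. */
int open_then_drop(const char *path, int flags)
{
    int fd = open(path, flags);   /* the only privileged operation */
    if (drop_privileges() != 0) { /* never continue with privileges intact */
        if (fd >= 0) close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    /* "/dev/null" is a stand-in for the restricted device (constructed input). */
    int fd = open_then_drop("/dev/null", O_RDWR);
    if (fd < 0) { perror("open_then_drop"); return 1; }
    printf("fd=%d uid=%d euid=%d\n", fd, (int)getuid(), (int)geteuid());
    close(fd);
    return 0;
}
```

The descriptor opened while privileged stays usable after the drop, which is why the privileged identity is not needed for the rest of the run.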