[mythtv-users] Running as root

chris at cpr.homelinux.net chris at cpr.homelinux.net
Fri Sep 29 07:07:14 UTC 2006

On Fri, Sep 29, 2006 at 12:12:03PM +1000, Phill Edwards wrote:
> > 4.  Does setting the "sticky bit" (with a chmod +s) allow mythfrontend and
> > mythbackend to attain root privileges whenever they want?  And, if so, do
> > these program know when to do this?
> That means they run as root no matter which user invoked them. So when
> they run they will always be running as root. You shouldn't need to
> set the stick bit for mythbackend as it gets started from init as
> root.

Technical nit #1: Setting the "SUID bit" (not the "sticky bit", 
which is an entirely different concept) means that a program will 
be launched with an "effective user id" that is the same as the 
file owner.  It doesn't mean the program will run as root unless 
the file is actually owned by root.  If user "foo" has a program 
with the SUID bit set and user "bar" runs the program then it will 
run with all of the normal priviledges of user "foo".

Technical nit #2: Just because a program has the SUID bit set 
doesn't mean it will *always* run as the file owner.  Most 
applications that use SUID do so in order to open a file or device 
which is not available to the general public or to have the ability 
to setpriority() to a restricted value.  Once that file is open or 
the priority has been adjusted there is no longer any need to be 
running as that user, so the program does a setuid(getuid()) call 
in order to change the effective user ID of the process to be the 
same as the person who is actually running the program.  A 
security-conscious programmer will have that setuid(getuid()) call 
as early in the program execution chain as possible, and preferably 
before accepting any user input which could result in a buffer 
overflow attack.

More information about the mythtv-users mailing list