[mythtv-users] How to use tmdb.pl with MythVideo/MythWeb

Michael T. Dean mtdean at thirdcontact.com
Sun Apr 5 22:34:12 UTC 2009

On 04/05/2009 06:17 PM, Bobby Gill wrote:
> Yup, I'm aware of that, I should have phrased it better. I am definitely
> *NOT* using SELinux, though.
> Andrew is encountering the similar challenge, but *IS* using SELinux, so
> this seems strange to me.
> I posted to the Arch forums and a user responded with this:
> "The error you are receiving (Insecure dependency in require while running
> setgid) has to do with perl's taint mode.  The perl interpreter runs scripts
> in taint mode if you request it with the -T flag or automatically if the
> script file has the setuid or setgid flag set.
> Taint mode is meant to be more secure by not trusting any outside input.
> Untrusted input like maliciously crafted user input for example.  The setuid
> or setgid bits for files can be turned on with chmod to allow an executable
> to run with the permissions of its owner user or group.
> So, according to the error message, you have setgid turned on for the script
> file (or its directory?).  Is this necessary for MythTV to work?  I've never
> used it.  You could also try replacing the top of the perl script with
> something like:"
> He then instructed me to modify the first line to -Uw, the same as Robert
> had done earlier in this thread, so no change unfortunately.


It's because you're running mythfrontend setuid root and mythfrontend is 
running MythVideo and mythvideo is running tmdb.pl, so you're running 
tmdb.pl in a setuid root environment.  TTBOMK, there shouldn't be any 
distribution left that requires running mythfrontend setuid root to 
achieve real-time scheduling for the display thread, so you should be 
able to remove the setuid bit on mythfrontend.  See, "Enabling real-time 
scheduling of the display thread," at 
http://www.mythtv.org/docs/mythtv-HOWTO-5.html#ss5.4 for a bit more.

Note, this also /might/ happen if you run mythfrontend as root directly 
(though I don't know for sure).  If that's the case and you can't run 
mythfrontend as a non-privileged user, you'll have to either add a hack 
to the script or to all the command lines that execute tmdb.pl so that 
"./" is explicitly in the INC path (using perl's -I argument) or install 
MythTV/MythVideoCommon.pm into a "real" directory that's already in the 
Perl include path.


More information about the mythtv-users mailing list