[mythtv] [PATCH] security update for realtime priority
Matt Zimmerman
mdz at debian.org
Wed Nov 3 01:19:35 UTC 2004
On Tue, Nov 02, 2004 at 06:43:49PM -0500, Doug Larrick wrote:
> Matt Zimmerman wrote:
> >Also, the setuid(getuid()) should be the first thing after setting the
> >capabilities. True, the privileged thread shouldn't actually do anything
> >until after the process has dropped its uid, but it's good practice to do
> >it
> >as early as possible for safety with future code changes. This also avoids
> >any ambiguity with threads and uid changes.
>
> That didn't work for me. Didn't have permission to do the
> pthread_setschedparam. I think dropping root also drops the capability.
The entire point of capabilities is to be able to drop root, while retaining
certain privileges. Something must not be right.
--
- mdz
More information about the mythtv-dev
mailing list