[mythtv-users] mythfilldatabase autorun config file location error

R. G. Newbury newbury at mandamus.org
Wed Oct 18 22:33:05 UTC 2006


Michael T. Dean wrote:
> On 10/17/06 17:12, R. G. Newbury wrote:
> 
>>>>
>>> The most common reason to be lacking a HOME environment variable is 
>>> because an init script (which is not executed under a login shell) 
>>> starts mythbackend and doesn't go to the trouble of setting up the 
>>> environment correctly.
>>>
>> Verrrryyy interesting. Firstly, I always run mythfilldatabase as root 
>> and it runs fine!
>> Under Fedora, at least, the $HOME variable is taken from the /etc/passwd 
>> file, and set by 'login' on logging in.
>>  
>>
> But, only when "logging in".

>> I would think that the only way to get running without a $HOME 
>> environment variable set would be to bypass login somehow.
>>  
>>
> Right, like by having an init script--which is not executed under a 
> login shell--start mythbackend.  TTBOMK, this is what the FC start 
> scripts do.
Ahh, I brain-faded past the difference between a shell and a login shell.
Of course, the inits are really running as a 'kernel shell' if one had 
to give a name to them.


>> If that works I suspect that chown and chgrp of mythfilldatabase may be 
>> sufficient to avoid the problem referred to above.
>>  
>> Although I still do not understand why 'running mythfilldatabase as root is 
>> not a good idea'.
>> This is a myth.
>>
> 
> If you run a program as user mythtv, and it has a 
> bug/exploit/failure/whatever, it can destroy the mythtv user's data.  If 
> you run a program as user root, and it has a 
> bug/exploit/failure/whatever, it can destroy the entire system (or even 
> do other more nefarious deeds).  That is not a myth--I'd be happy to 
> provide you an example program if you'd like to test it.  :D  (I think 
> I'd call the program, 
> "I_cant_believe_I_convinced_you_to_install_and_run_myrootkit".)

The first 2 cases involve problems with the program itself. If 
mythfilldatabase blows up, the data it is most likely to kill is the 
mythconverg database. And it does not matter whether it was 'mythtv' or 
as 'root' that launched the program.
I will allow that, *in general* a runaway bug in a program COULD do more 
damage if running under root than when running under a user.
I will allow that this may make a difference if the box is used for 
other purposes besides being run purely as a mythbox. I would not allow 
my secretary to run as root.

But the third case has NOTHING to do with the program being run, OR the 
user it is run as. If you do some 'social engineering' to convince me to 
install a rootkit, IT DOES NOT MATTER WHAT USER I AM...Your rootkit 
bypasses/circumvents the user login and makes YOU root, whether or not I 
was running as root or as mythtv. And it is not an artifact of my user 
status which causes the problem... It is as we say in sailing, a failure 
of the nut holding the tiller (or PEBKAA... persistent error between 
keyboard and ass****.)

THAT particular sort of risk has NOTHING to do with either the program 
or the user level. If the program is malicious or uses an exploit to 
make itself so, then it can probably (about 90% I believe) be 
upgraded/enhanced (or downgraded/seduced depending on your point of 
view) to give full root privileges.

So, do I think that mythfilldatabase is dangerous? NO, so running it as 
root is no more dangerous in this context than running it as mythtv 
user. Are all programs in that category... unfortunately no. But if I 
only load programs from Fedora, mythtv, lirc, atrpms or livna, I'm 
reasonably safe.

Would you like to explicate further on why it is not a good idea to run 
mythfilldatabase as root, confining your reasoning to the difference 
between doing so as root and doing so as mythtv?

> 
> Or, come to think of it, there's a commonly available example program by 
> the name of Windows...

And for those who run windows just remember that like BTDT (been there, 
done that) there will be VWBW (Vista Will Be Worse)....


Once read a great article about how to fix blue-screen crashes in 
Windows...the answer was:  'format c' followed by 'insert CD with funny 
penguin logo', reboot!.

              R. Geoffrey Newbury			
            Barrister and Solicitor
       Suite 106, 150 Lakeshore Road West
          Mississauga, Ontario, L5H 3R2

         o905-271-9600 f905-271-1638
           newbury at mandamus.org
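
Added example, not part of the original message or of MythTV's own scripts: a sketch of how an init script, which starts as root with no login environment, can look HOME up in the passwd database and drop to the service account before running mythfilldatabase. The account name "mythtv" follows the thread; the function names and the PASSWD_TEXT override (used to feed constructed passwd data) are hypothetical.

```shell
#!/bin/sh
# Added example; function names and the PASSWD_TEXT hook are hypothetical.
# Assumes the service account is "mythtv", as in the thread.

# Print the home directory (field 6) of user $1 from passwd-format stdin.
# Exit status is non-zero when the user has no entry.
passwd_home() {
    awk -F: -v u="$1" '$1 == u { print $6; found = 1; exit }
                       END { exit !found }'
}

# Look HOME up in the passwd database, as login does, instead of trusting
# whatever environment the init script happened to inherit.
resolve_home() {
    if [ -n "${PASSWD_TEXT:-}" ]; then
        printf '%s\n' "$PASSWD_TEXT" | passwd_home "$1"
    else
        getent passwd "$1" | passwd_home "$1"
    fi
}

# Run a command as account $1 with HOME set from its passwd entry.
run_as_service() {
    user=$1; shift
    home=$(resolve_home "$user") || {
        echo "no passwd entry for $user" >&2
        return 1
    }
    if [ "$(id -u)" -eq 0 ] && [ "$user" != root ]; then
        # Started by init as root: drop to the service account first, so a
        # failure in the program is limited to what that account can touch.
        su -s /bin/sh "$user" -c 'HOME=$0; export HOME; exec "$@"' "$home" "$@"
    else
        # Already unprivileged (or the target is root): only repair HOME.
        HOME=$home "$@"
    fi
}

# In an init script:  run_as_service mythtv mythfilldatabase
```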
