[mythtv] [PATCH] security update for realtime priority
Matt Zimmerman
mdz at debian.org
Tue Nov 2 22:42:11 UTC 2004
Thanks for putting this together.
On Tue, Nov 02, 2004 at 05:01:04PM -0500, Doug Larrick wrote:
> + // Create priveleged thread, then drop privs. Keep this first to
"privileged"
> - int status = pthread_create(&priv_thread, NULL, run_priv_thread, NULL);
> + // create a capabilities mask that's nothing except CAP_SYS_NICE
> + cap_t cap = cap_init();
> + cap_value_t cval = CAP_SYS_NICE;
> + int status = cap_set_flag(cap, CAP_PERMITTED, 1, &cval, CAP_SET);
> + if (status < 0)
> + perror("cap_set_flag (1)");
> + status = cap_set_flag(cap, CAP_EFFECTIVE, 1, &cval, CAP_SET);
> + if (status < 0)
> + perror("cap_set_flag (2)");
> + // silently fail cap_set_proc; we'll get a good message later if not SUID
> + status = cap_set_proc(cap);
> + // thread will be created with CAP_SYS_NICE
> + status = pthread_create(&priv_thread, NULL, run_priv_thread, NULL);
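Review bot: the result of `cap_t cap = cap_init();` is not checked for NULL, so an allocation failure is passed straight into both cap_set_flag calls. Separately, the status from `cap_set_proc(cap)` is overwritten by pthread_create on the next statement. cap_set_flag only edits the in-memory cap_t, so cap_set_proc is the call that fails when the binary is not SUID root. Keeping its result in its own variable would let the code know whether the thread was really created with CAP_SYS_NICE, while still staying quiet here.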
Won't this produce a lot of error messages if myth is not running as root?
We should continue to support that configuration.
> + // Drop back to real user
> setuid(getuid());
> + // get rid of even CAP_SYS_NICE for the rest of execution
> + status = cap_clear(cap);
> + if (status < 0)
> + perror("cap_clear");
> + status = cap_set_proc(cap);
> + if (status < 0)
> + perror("cap_set_proc (2)");
> + status = cap_free(cap);
> + if (status < 0)
> + perror("cap_free");
> +
> + QApplication a(argc, argv);
> +
> + gContext = new MythContext(MYTH_BINARY_VERSION);
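Review bot: the return value of `setuid(getuid());` is not checked, and with this patch the call runs after the capability set has been reduced to CAP_SYS_NICE alone. When that earlier cap_set_proc succeeded (the SUID-root case), the process no longer holds CAP_SETUID, and Linux setuid() without CAP_SETUID changes only the effective UID; the saved set-user-ID stays 0, so the drop is not permanent. Either keep CAP_SETUID in the mask until after this call, or drop with setresuid(getuid(), getuid(), getuid()), and check the result in both cases before continuing to the cap_clear and QApplication lines.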
Likewise here.
--
- mdz