[mythtv-users] Preemptive Kernel Patch
Aaron Stewart
acs at hourglassone.com
Tue Feb 18 12:50:25 EST 2003
Why not use sudo to handle this? It would be the appropriate way to do
it, and minimizes security risk:
# useradd mythtvuser
((no password))
Change /etc/sudoers and add the following line:
mythtvuser ALL = NOPASSWD: /usr/local/bin/mythstart
(where /usr/local/bin/mythstart is your startup script, owned by root,
and chmod u+rx).
I use a similar tactic to allow VMWare to access /dev/dsp through the
artsdsp wrapper.
Cheers,
Aaron
-----Original Message-----
From: mythtv-users-bounces at snowman.net
[mailto:mythtv-users-bounces at snowman.net] On Behalf Of Nathan Poznick
Sent: Tuesday, February 18, 2003 12:26 PM
To: Discussion about mythtv
Subject: Re: [mythtv-users] Preemptive Kernel Patch
Thus spake Monty Walls:
> Sure you can, just might not be smart, plus may require some fiddling
> with the actual code. Since the only user is me, and it's
> not an externally exposed box (inside a firewalled, NATed network), it
> might be an acceptable risk...
Actually, many systems disable the ability to use a setuid shell script.
npozni@ripcord:~$ cat script
#!/bin/bash
ls -l /
sleep 30
npozni@ripcord:~$ ls -l script
-rwsr-xr-x 1 root root 30 Feb 18 14:09 script*
(user npozni runs ./script)
If the script was running setuid, it would show up as running as root in
the process listing...
npozni 18405 0.2 0.2 2060 960 pts/4 S 14:09 0:00 /bin/bash ./script
npozni 18407 0.0 0.1 1708 452 pts/4 S 14:09 0:00 sleep 30
One way to get around this is to write a very simple C wrapper program
which is setuid, and serves no purpose other than to exec the intended
shell script.
--
Nathan Poznick <poznick at conwaycorp.net>
To swallow and follow, whether old doctrine or new propaganda, is a
weakness still dominating the human mind. - Charlotte P. Gillman
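
The setuid C wrapper mentioned in the quoted message, sketched as an added example that is not code from either poster. It assumes the script path from the sudoers line above; the helper name script_is_trusted and the PATH value are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Script path taken from the sudoers line in the message above. */
#define SCRIPT "/usr/local/bin/mythstart"

/* Hypothetical helper: returns 1 only if path is a regular file (not a
 * symlink) owned by `owner` that neither group nor others can write. */
int script_is_trusted(const char *path, uid_t owner)
{
    struct stat st;

    if (lstat(path, &st) != 0)
        return 0;
    if (!S_ISREG(st.st_mode) || st.st_uid != owner)
        return 0;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

int main(void)
{
    /* Fixed argv and environment: nothing from the caller (PATH, IFS,
     * BASH_ENV, LD_*) reaches the root shell. PATH value is an assumption. */
    static char *const argv[] = { SCRIPT, NULL };
    static char *const envp[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };

    if (!script_is_trusted(SCRIPT, 0)) {
        fprintf(stderr, "refusing to run %s: not a root-owned regular "
                        "file closed to group/other writes\n", SCRIPT);
        return 1;
    }
    /* bash drops a setuid euid that differs from the real uid, so make
     * the real ids match the effective ones before exec (group first). */
    if (setgid(getegid()) != 0 || setuid(geteuid()) != 0) {
        perror("setgid/setuid");
        return 1;
    }
    execve(SCRIPT, argv, envp);
    perror("execve");   /* only reached if exec failed */
    return 127;
}
```

The ownership check and the exec are separate steps, so the directories leading to the script must also be writable only by root.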