[mythtv-users] Running as root

Dave Sherohman esper at sherohman.org
Thu Oct 5 15:56:47 UTC 2006


On Wed, Oct 04, 2006 at 02:15:13PM -0400, R. G. Newbury wrote:
> Dave Sherohman wrote:
> >> I remain, as usual, bemused by the level of paranoia exhibited in your 
> >> statement...Has anyone actually figured out how it could be possible to 
> >> subvert a mythbox, from having mythfrontend writeable and running suid root?
> > 
> > Most (all?) *nix systems these days are smart enough to remove the
> > suid/sgid flags if a program is modified, so mythfrontend being world
> > writable and suid root wouldn't be an automatic root exploit, but using
> > it to screw over anyone who runs mythfrontend is trivial:

> Your example, deleting the home folder, is something that any user can 
> do. So being/having root has nothing to do with it. The hacker is 
> already in and is just messing around. I want to focus on the explicit 
> differences which arise because mythfrontend is being run by root as 
> distinct to the generalized 'danger' of running as root...

Quite correct.  But if you look back over my posts in this thread,
you'll see that I've never said anything against running myth as root,
only that making it world-writable is crazy.  I have also (in the
paragraph quoted above) specifically pointed out that modifying/replacing
the myth binary would generally remove the suid flag, which would cause
it to *not* run as root.  So I agree with you - "being/having root has
nothing to do with it."

> Or are you suggesting that it is the singular fact that, under
> the described circumstances, mythfrontend is 'rwx' by the world as
> distinct to 'r-x'.

My previous message concluded with "suid or not, world-writable
executables are just asking for trouble"; how could I have made it more
clear that world-writable is the problem I'm referring to, not suid?

> Under the 'normal' setup, mythfrontend belongs to the user mythtv...so
> he does not need to su to try to fix it.

The suid flag causes an executable to run with the permissions of its
owner, so, to get mythfrontend to run with root permissions, it would
have to be owned by root, not the mythtv user.  Granted, the situation
as described has mythfrontend world-writable, so the mythtv user would
still be able to work on that particular component of the system without
needing to su to root, but that's a small subset of the overall system
and may not be the first place that a troubleshooter looks.

> Again, the hacker is ALREADY
> IN. This example pre-supposes that the hacker gets in as user mythtv,
> and must use a key-logger to get root password.

Minor correction:  The examples I gave in my previous message pre-supposed
that an attacker was already in as *any* non-root user, not just the
mythtv user.  This could come about through an exploit in any network-
facing service as well as through cracking a legitimate account.

-- 
I would rather be exposed to the inconvenience attending too much Liberty
than those attending too small degree of it.
  - Thomas Jefferson
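
An added example, not part of the original post: a small audit for the condition the message warns about, executables that are world-writable, with suid/sgid status and owner reported alongside. The function names, file names and modes in the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH

def audit_executables(root):
    """Return sorted (path, findings, owner_uid) for executable regular files
    under root that are world-writable and/or setuid/setgid."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # lstat: never follow symlinks
            except OSError:
                continue                     # vanished or unreadable entry
            mode = st.st_mode
            if not stat.S_ISREG(mode) or not mode & EXEC_BITS:
                continue
            findings = [label for bit, label in (
                (stat.S_IWOTH, "world-writable"),
                (stat.S_ISUID, "setuid"),
                (stat.S_ISGID, "setgid")) if mode & bit]
            if findings:
                results.append((path, findings, st.st_uid))
    return sorted(results)

def drop_world_write(path):
    """Mitigation: clear only the o+w bit, leaving every other mode bit."""
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    os.chmod(path, mode & ~stat.S_IWOTH)

def build_sample_tree(root):
    """Constructed sample data: names and modes are illustrative only."""
    for name, mode in (("mythfrontend", 0o4777),   # suid + rwx for everyone
                       ("mythbackend", 0o755),     # ordinary executable
                       ("notes.txt", 0o666)):      # writable, not executable
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)                       # set mode after the write

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, findings, uid in audit_executables(tmp):
            print(f"{path} (uid {uid}): {', '.join(findings)}")
```

The reported uid shows whose permissions a suid binary would run with; pointing `audit_executables` at a real install directory needs only read access to it.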

