[mythtv-users] How to use tmdb.pl with MythVideo/MythWeb
Michael T. Dean
mtdean at thirdcontact.com
Sun Apr 5 22:34:12 UTC 2009
On 04/05/2009 06:17 PM, Bobby Gill wrote:
> Yup, I'm aware of that, I should have phrased it better. I am definitely
> *NOT* using SELinux, though.
>
> Andrew is encountering a similar challenge, but *IS* using SELinux, so
> this seems strange to me.
>
> I posted to the Arch forums and a user responded with this:
>
> "The error you are receiving (Insecure dependency in require while running
> setgid) has to do with perl's taint mode. The perl interpreter runs scripts
> in taint mode if you request it with the -T flag or automatically if the
> script file has the setuid or setgid flag set.
>
> Taint mode is meant to be more secure by not trusting any outside input.
> Untrusted input like maliciously crafted user input for example. The setuid
> or setgid bits for files can be turned on with chmod to allow an executable
> to run with the permissions of its owner user or group.
>
> So, according to the error message, you have setgid turned on for the script
> file (or its directory?). Is this necessary for MythTV to work? I've never
> used it. You could also try replacing the top of the perl script with
> something like:"
>
> He then instructed me to modify the first line to -Uw, the same as Robert
> had done earlier in this thread, so no change unfortunately.

http://svn.mythtv.org/trac/ticket/4954

It's because you're running mythfrontend setuid root and mythfrontend is
running MythVideo and mythvideo is running tmdb.pl, so you're running
tmdb.pl in a setuid root environment. TTBOMK, there shouldn't be any
distribution left that requires running mythfrontend setuid root to
achieve real-time scheduling for the display thread, so you should be
able to remove the setuid bit on mythfrontend. See, "Enabling real-time
scheduling of the display thread," at
http://www.mythtv.org/docs/mythtv-HOWTO-5.html#ss5.4 for a bit more.

Note, this also /might/ happen if you run mythfrontend as root directly
(though I don't know for sure). If that's the case and you can't run
mythfrontend as a non-privileged user, you'll have to either add a hack
to the script or to all the command lines that execute tmdb.pl so that
"./" is explicitly in the INC path (using perl's -I argument) or install
MythTV/MythVideoCommon.pm into a "real" directory that's already in the
Perl include path.

Mike
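
An added example, not part of the original message or of MythTV: a small POSIX shell audit for the setuid/setgid bits that put Perl into taint mode, plus the removal step described above. The function names are hypothetical and the demo runs on a constructed temporary file rather than a real mythfrontend binary.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not MythTV's.
# Perl enables taint mode when real and effective IDs differ, which is
# what a setuid/setgid binary higher up the process chain causes.

# Print "setuid", "setgid", "setuid,setgid" or "none" for one file.
special_bits() {
    bits=""
    [ -u "$1" ] && bits="setuid"
    [ -g "$1" ] && bits="${bits:+$bits,}setgid"
    echo "${bits:-none}"
}

# Report every path given; return 1 if any of them carries either bit.
audit_paths() {
    rc=0
    for p in "$@"; do
        if [ ! -e "$p" ]; then
            echo "$p: missing"
            continue
        fi
        b=$(special_bits "$p")
        echo "$p: $b"
        [ "$b" = "none" ] || rc=1
    done
    return $rc
}

# Clear both bits so children run with matching real/effective IDs.
drop_special_bits() {
    chmod u-s,g-s "$1"
}

# Demo on a constructed temp file: set setuid, detect it, clear it.
demo() {
    f=$(mktemp) || return 1
    chmod 4755 "$f"
    before=$(special_bits "$f")
    drop_special_bits "$f"
    after=$(special_bits "$f")
    rm -f "$f"
    echo "$before -> $after"
}

demo
```

On a real system, pass the installed frontend binary and the script to `audit_paths`, for example `audit_paths "$(command -v mythfrontend)" /path/to/tmdb.pl`, where the script path is a placeholder.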