[mythtv-users] How to use tmdb.pl with MythVideo/MythWeb
Michael T. Dean
mtdean at thirdcontact.com
Sun Apr 5 22:34:12 UTC 2009
On 04/05/2009 06:17 PM, Bobby Gill wrote:
> Yup, I'm aware of that, I should have phrased it better. I am definitely
> *NOT* using SELinux, though.
> Andrew is encountering the similar challenge, but *IS* using SELinux, so
> this seems strange to me.
> I posted to the Arch forums and a user responded with this:
> "The error you are receiving (Insecure dependency in require while running
> setgid) has to do with perl's taint mode. The perl interpreter runs scripts
> in taint mode if you request it with the -T flag or automatically if the
> script file has the setuid or setgid flag set.
> Taint mode is meant to be more secure by not trusting any outside input.
> Untrusted input like maliciously crafted user input for example. The setuid
> or setgid bits for files can be turned on with chmod to allow an executable
> to run with the permissions of its owner user or group.
> So, according to the error message, you have setgid turned on for the script
> file (or its directory?). Is this necessary for MythTV to work? I've never
> used it. You could also try replacing the top of the perl script with
> something like:"
> He then instructed me to modify the first line to -Uw, the same as Robert
> had done earlier in this thread, so no change unfortunately.
It's because you're running mythfrontend setuid root and mythfrontend is
running MythVideo and mythvideo is running tmdb.pl, so you're running
tmdb.pl in a setuid root environment. TTBOMK, there shouldn't be any
distribution left that requires running mythfrontend setuid root to
achieve real-time scheduling for the display thread, so you should be
able to remove the setuid bit on mythfrontend. See, "Enabling real-time
scheduling of the display thread," at
http://www.mythtv.org/docs/mythtv-HOWTO-5.html#ss5.4 for a bit more.
Note, this also /might/ happen if you run mythfrontend as root directly
(though I don't know for sure). If that's the case and you can't run
mythfrontend as a non-privileged user, you'll have to either add a hack
to the script or to all the command lines that execute tmdb.pl so that
"./" is explicitly in the INC path (using perl's -I argument) or install
MythTV/MythVideoCommon.pm into a "real" directory that's already in the
Perl include path.
More information about the mythtv-users