Ludwig Nussel wrote:
> Hi,
>
> I've updated the switch user patch. The user to switch to is a build
> time define now to prevent vdr vom accidently running under the
> wrong uid. Patches for 1.2.6 and 1.3.17 attached.
I'm just looking through this for the next VDR version.
> Index: vdr-1.3.17/Makefile
> ===================================================================
> --- vdr-1.3.17.orig/Makefile
> +++ vdr-1.3.17/Makefile
> @@ -73,7 +73,18 @@ DEFINES += -DPLUGINDIR=\"$(PLUGINLIBDIR)
>
> ifdef VFAT
> # for people who want their video directory on a VFAT partition
> -DEFINES += -DVFAT
> +DEFINES += -DVFALDT
What's the meaning of this?
I can't see any place where VFALDT is actually used.
> +endif
> +
> +ifdef VDR_USER
> +DEFINES += -DVDR_USER=\"$(VDR_USER)\"
> +ifdef VDR_GROUP
> +DEFINES += -DVDR_GROUP=\"$(VDR_GROUP)\"
> +endif
Is it really necessary to have VDR_USER _and_ VDR_GROUP separately?
I'd say VDR_USER should suffice.
> +ifdef WITH_CAPABILITIES
> +DEFINES += -DWITH_CAPABILITIES
> +LIBS += -lcap
> +endif
I assume this means there are systems that don't provide this.
Is there a runtime method to determine the presence of this?
> ===================================================================
> --- vdr-1.3.17.orig/vdr.c
> +++ vdr-1.3.17/vdr.c
> ...
> int main(int argc, char *argv[])
> {
> #ifdef _CS_GNU_LIBPTHREAD_VERSION
> @@ -253,6 +365,23 @@ int main(int argc, char *argv[])
> }
> }
>
> +#ifdef VDR_USER
> +# ifndef VDR_GROUP
> +# define VDR_GROUP NULL
> +# endif
> +
> + if(set_keepcaps() != 0)
> + return 2;
> +
> + if (su(VDR_USER, VDR_GROUP) != 0)
> + return 2;
> +
> + if(set_nokeepcaps() != 0)
> + return 2;
> +
> + set_cap_sys_time();
> +#endif
Am I missing something here, or is the su() call always done,
no matter under which user ID VDR has been started?
Shouldn't this only be done if it was started as 'root'?
Klaus
