Hi,
from VDR's HISTORY file (for v1.3.38):
- The new command line option '-g' must be given if the SVDRP command GRAB
shall be allowed to write image files to disk. The parameter to this
option
must be the full path name of an existing directory, without any "..",
double
'/' or symlinks. By default, or if "-g- is given, grabbing to files is
not allowed any more because of potential security risks.
- Modified the way the SVDRP command GRAB writes the grabbed image to a file
to avoid a security hole (CAN-2005-0071, reported by Javier
Fern?ndez-Sanguino
Pe?a):
+ The file handle is now opened in a way that it won't follow symbolic
links
(suggested by Darren Salt).
+ The given file name is now canonicalized, so that it won't contain any
".." or symlinks (suggested by Darren Salt).
+ Grabbing to files is limited to the directory given in the the command
line option '-g'. By default grabbing to files is not allowed any more.
Regards,
Andreas
On Wednesday 19 April 2006 15:41, Leo M?rquez wrote:
> More info.
> I have noticed this issue using vdradmin and jvdr.
> perhaps this software make the grab command different.
>
> En/na Leo M?rquez ha escrit:
> > I have a problem with I try to grab images.
> > This problem match with vdr version change. I have migrated to 1.3.38
> > I supose that the user vdr has no permission to store the images but I
> > don't know where is trying to save.
> >
> > grab test.jpg
> > 550 Grabbing to file not allowed (use "GRAB -" instead)
> >
> > Any solution?
> > Thanks
> >
> > _______________________________________________
> > vdr mailing list
> > vdr@xxxxxxxxxxx
> > http://www.linuxtv.org/cgi-bin/mailman/listinfo/vdr
>
> _______________________________________________
> vdr mailing list
> vdr@xxxxxxxxxxx
> http://www.linuxtv.org/cgi-bin/mailman/listinfo/vdr
--
http://andreas.vdr-developer.org --- VDRAdmin-AM
