* Klaus Schmidinger schrieb am 30.12.05, um 18:19 Uhr:
I've updated the switch user patch. The user to switch to is a build time define now to prevent vdr vom accidently running under the wrong uid. Patches for 1.2.6 and 1.3.17 attached.
I'm just looking through this for the next VDR version.
Thats really nice to hear.
Index: vdr-1.3.17/Makefile
--- vdr-1.3.17.orig/Makefile +++ vdr-1.3.17/Makefile @@ -73,7 +73,18 @@ DEFINES += -DPLUGINDIR="$(PLUGINLIBDIR)
ifdef VFAT # for people who want their video directory on a VFAT partition -DEFINES += -DVFAT +DEFINES += -DVFALDT
What's the meaning of this? I can't see any place where VFALDT is actually used.
For me this looks like a typo by accident. ;-)
+ifdef WITH_CAPABILITIES +DEFINES += -DWITH_CAPABILITIES +LIBS += -lcap +endif
I assume this means there are systems that don't provide this. Is there a runtime method to determine the presence of this?
Well, you need libcap to be able to use this patch.
+#ifdef VDR_USER +# ifndef VDR_GROUP +# define VDR_GROUP NULL +# endif
- if(set_keepcaps() != 0)
- return 2;
- if (su(VDR_USER, VDR_GROUP) != 0)
- return 2;
- if(set_nokeepcaps() != 0)
- return 2;
- set_cap_sys_time();
+#endif
Am I missing something here, or is the su() call always done, no matter under which user ID VDR has been started? Shouldn't this only be done if it was started as 'root'?
You are completely right, these calls should only be done when root is calling vdr.
I attached the patch which debian and ctvdr use since allmoast one year without bigger drawbacks. (it is based on Ludwig Nussel's patch, but sligtly modified)
Regards, Thomas