In message <[EMAIL PROTECTED]>
Doug Larrick <[EMAIL PROTECTED]> wrote:
> Tom Hughes wrote:
> > The problem appears to be that the kernel now implements setuid
> > properly so that it changes the UID of the process rather than just
> > the current thread so it isn't possible to have a privileged thread
> > anymore.
> >
> > Basically the whole scheme only worked because threads on linux
> > are effectively processes at the kernel level and certain system
> > calls didn't properly take account of that, including setuid.
>
> Good to know. What kernel is this? Matt Zimmerman (rightly) complains
> about the security of the current implementation, as well.
It's the standard FC3 one, the 1.681 build of 2.6.9 at the moment.
I have a test program that check the setuid behaviour and on
a RedHat 9 box only the thread that calls setuid changes but
on an FC3 box both threads change. I haven't tried it on anything
else yet.
> I have a replacement scheme in mind that creates a realtime-priority
> thread for playback at startup before dropping privs, and then reuses
> that thread for all playback. I just need to find the time to work on it.
That would be the obvious alternative.
Tom
--
Tom Hughes ([EMAIL PROTECTED])
http://www.compton.nu/
_______________________________________________
mythtv-users mailing list
[email protected]
http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
