[vdr] Re: Child protection / access control module

To: vdr@linuxtv.org
Subject: [vdr] Re: Child protection / access control module
From: Malcolm Caldwell <malcolm.caldwell@ntu.edu.au>
Date: 21 Dec 2002 00:00:11 +0930
Content-transfer-encoding: 7bit
Content-type: text/plain
In-reply-to: <3E031E16.F3E1AB6F@cadsoft.de>
Organization:
References: <20021218171239.DADA2149FE1@seneca.muc.de> <3E031E16.F3E1AB6F@cadsoft.de>
Reply-to: vdr@linuxtv.org
Sender: vdr-bounce@linuxtv.org

To protect recordings perhaps the pin interface could work with some
kind of encryption of recordings.  This kind of encryption could be
useful for other purposes  (a user could leave their recordings on a
public ftp server and not worry that someone would get them and steal
them).  For child protection etc. encrypting would protect against
upgrades/reconfiguration accidentally "exposing" protected material.

Or, another method: where vdr is run as root we could use unix users and
setuid or seteeuid could be used when the appropriate pin is entered. 
That way access to recordings could be restricted by unix file
permissions on files or directories.  Access to other things (changing
configs etc) can be likewise protected.  Even access to whole devices
like cd drives etc could protected.  I don't know if this is a good idea
but it is an idea :)

On Fri, 2002-12-20 at 23:11, Klaus Schmidinger wrote:
> Harald Milz wrote:
> > 
> > Hi,
> > 
> > is anyone working on an access control mechanism for the VDR player? I have
> > two little children at home who I would like to see only specific channels
> > at specific times. It should be fairly easy to implement something which
> > controls this depending on the user who authenticates her/himself. I don't
> > mean log in to the machine itself but to vdr.
> 
> I hope to be able to finish VDR version 1.2.0 over the holidays, so there's
> no more time for this before that. But this is something I'm planning to do
> in version 1.3.x.
> 
> I guess there are a few basic things that need to be considered before implementing
> this. For instance, should there be separate PINs for each operation, like "modifying
> the setup", "setting/deleting timers", "deleting recordings", "watching age restricted
> channels/recordings" etc., or should there be _one_ PIN for each user, which can
> be assigned various "rights"? I believe the latter would be better, since each user
> would only have to memorize _one_ PIN and the system administrator could set him/her
> up with whatever VDR uses access control for. From the top of my head I can think
> of things like "Your PIN gives you the right to...
> 
> - modify timers
> - modify the setup
> - access things restricted to "age >= N years" (N = 6, 12, 16, 18; this can be favourite
>   channel lists, individual broadcasts (provided their EPG data includes age information),
>   or recordings (provided the EPG data at the time of the recording contained age info)
> - execute commands
> - anything else we could think of
> 
> What concerns me the most is: when should the PIN be checked?
> Clearly it should be checked, for instance, when a recording is selected for
> playback that has some age restriction. That would be a one time check at the
> start, and that's it. But what if the user wants to zap though the channels?
> should there be a PIN check every time a channel with an age restricted programme
> is encountered? I guess that might make zapping a bit tedious... So, should there
> be a "timeout" for the "validity" of an authorization? Like, if you have entered your PIN you
> may switch channels until you stay with a specific channel for a certain amount of
> time. After that you'll need to re-authenicate yourself. What if you switch to an age
> restricted programme and then turn off the tv (and leave VDR running)? The next person
> who turns on the tv would be able to see the restricted programme without authorization.
> So, should an authorization only be valid as long as the current programme runs?
> 
> I hope this helps to put this thread back on a more technical basis ;-)
> 
> Klaus
> -- 
> _______________________________________________________________
> 
> Klaus Schmidinger                       Phone: +49-8635-6989-10
> CadSoft Computer GmbH                   Fax:   +49-8635-6989-40
> Hofmark 2                               Email:   kls@cadsoft.de
> D-84568 Pleiskirchen, Germany           URL:     www.cadsoft.de
> _______________________________________________________________
> 



-- 
Info:
To unsubscribe send a mail to listar@linuxtv.org with "unsubscribe vdr" as subject.

Follow-Ups:
- [vdr] Re: Child protection / access control module
  - From: Harald Milz <hm@seneca.muc.de>

References:
- [vdr] Child protection / access control module
  - From: Harald Milz <hm@seneca.muc.de>
- [vdr] Re: Child protection / access control module
  - From: Klaus Schmidinger <Klaus.Schmidinger@cadsoft.de>

Prev by Date: [vdr] Re: Child protection / access control module
Next by Date: [vdr] Re: MP3/MPlayer plugin 0.7.9 available (plugin development)
Previous by thread: [vdr] Re: Child protection / access control module
Next by thread: [vdr] Re: Child protection / access control module
Index(es):
- Date
- Thread

Home | Main Index | Thread Index