listaccount at e-tobi.net
Tue Apr 11 09:25:14 CEST 2006
If VDR is started with the "-u USERNAME" option to make it change from
root to a less privileged user, VDR first checks with getuid(), if the
current UID is 0 / root. I suggest to change VDR to use geteuid() here
to check for the "effective UID".
Background: In the c't-VDR Debian package, VDR runs with it's own user
"vdr". In order to allow VDR to restart the vdr daemon from within its
commands menu, a small setuid wrapper is used. This wrapper only changes
the effective UID to "root", not the real UID. Because VDR does not
check the effective UID, it will not call SetUserid() and happily runs
with root privileges, even if provided with a username in the "-u" option.
The effectice UID is used to evaluate the privileges of a process to
perform a particular action. So I think it is more correct to let VDR
check this UID, when deciding whether to change to a different user or not.
More information about the vdr