[vdr] restricting root of xineliboutput mediaplayer?
phintuka at users.sourceforge.net
Fri Nov 13 13:24:31 CET 2009
Halim Sahin wrote:
> Sorry if my question was not understood currectly.
> I don't want to run sxfe/vdr etc under a chroot env.
> My concerns are about the build-in filebrowser of xineliboutput.
> It should be restricted to a special folder like /media.
> This whould avoid damages to the system :-).
> More ideas?
To prevent modifying system files you should run vdr as normal user
(--user=vdr). Just don't give it write access to any other places
than /media (and /video ?). Of course this doesn't protect VDR config
files and recordings ...
For the file browser you can try attached, untested patch. Add following
line to vdr's setup.conf:
Note that it is not bulletproof ; one can easily bypass the checks with
symlinks, like ln -s / /media/root.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2902 bytes
Desc: not available
More information about the vdr