Shutdown hooks running with euid=root
Thomas Schmidt
tschmidt at debian.org
Sun Feb 10 11:50:24 UTC 2008
Hi,
* Tobias Grimm schrieb am 28.01.08, um 19:12 Uhr:
> While checking an add-on Malte Forkel is currently working on, I became
> aware, that VDR runs the Shutdown-Hooks always as root (through the
> wrapper script). Wouldn't it be safer to just run the shutdown-command
> with the setuid-wrapper-script? Or even better - don't run anything as
> root at all and instead let the default shutdown command e.g. be "sudo
> halt", so the system admin must explicitly give the user vdr the right
> to execute shutdown via sudo?
Well, if i remember correct, we more or less discussed this when we
changed the vdr-package to run as user vdr, of course we could use
"sudo" but the disadvantage would be that the system could not be shut
down and nvram-wakeup probably also would not work without some
changes that need to be done by the user. Personally i would not have
a problem with changing this, if you think it would be the better
approch, feel free to change it. :)
Regards,
Thomas
--
Thomas Schmidt, Debian VDR Team
http://pkg-vdr-dvb.alioth.debian.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-vdr-dvb-devel/attachments/20080210/4f52fd09/attachment.pgp
More information about the pkg-vdr-dvb-devel
mailing list