[vorbis] Renice ogg123
Tom Felker
tcfelker at mtco.com
Thu Aug 14 23:58:50 PDT 2003
On Friday 15 August 2003 1:32 am, Cameron Patrick wrote:
> This sounds as though it'd have the problem of allowing a normal user to
> overwrite an arbitrary file (possibly including /dev/hda) with an WAV
> file produced by ogg123, and also to read any Ogg file owned by other
> users regardless of file permissions. Ideally you'd want a setuid
> wrapper which bumped up its scheduling priority, gave up root
> priviledges, and forked ogg123.
Yeah, I missed that. Some alternatives: allow "sudo renice", and make a
script to renice ogg123. This also has problems, though you could limit the
nice value. Or, allow "sudo nice -n -5 su nobody -c ogg123", which requires
the file to be world readable. In both cases, I'm assuming control over the
command line that I haven't tested. And of course, if you want to play Oggs,
you probably have physical access, so security is moot.
--
Tom Felker, <tcfelker at mtco.com>
<http://vlevel.sourceforge.net> - Stop fiddling with the volume knob.
I know everything, I just can't remember it all at once.
--- >8 ----
List archives: http://www.xiph.org/archives/
Ogg project homepage: http://www.xiph.org/ogg/
To unsubscribe from this list, send a message to 'vorbis-request at xiph.org'
containing only the word 'unsubscribe' in the body. No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.
More information about the Vorbis
mailing list