[MPlayer-dev-eng] [PATCH] adjusting nice level from config/command line

[D Richard Felker III]

On Mon, May 27, 2002 at 02:14:48PM -0400, Brian J. Murrell wrote:
> > i know that very well. but it's not my task to make mplayer secure when
> > running as root, as my patch has nothing to do with it.
> 
> But a simple dropping of privilleges after the nice() call is simple
> enough to do that it should be included in your patch.

No, this is impossible -- it will break subsequent vo initialization
if the user is using DGA, svgalib, etc. There's really no good way to
do it. IMO any vo/ao or other feature that needs root is inherently
broken and should be fixed/removed so that permissions to open a
relevant device node are sufficient.

> >    Become ROOT. DGA needs root access to be able to write directly video
> >    memory. If you want to run it as user, then install MPlayer SUID root:
> > 
> >    (...)
> > 
> >    !!!! BUT STAY TUNED !!!!
> >    This is a BIG security risk! Never do this on a server or on a computer
> >    can be accessed by more people than only you because they can gain root
> >    privilegies through suid root mplayer.
> >    !!!! SO YOU HAVE BEEN WARNED ... !!!!
> 
> This still doesn't explain why DGA is insecure.  It does allude that
> you need root to get DGA and that SUIDing to root is silly with
> MPlayer due to it's lack of security audit.  If that is the only
> issue, then the same thing can be done with that.  Open the channel
> necessary to use DGA, then drop root privilleges.  Or better yet, use
> something like pam-console to give the workstation user permission to
> open the device, or better still yet, use a capability to allow it.

Read my earlier post in this thread for an explanation why none of
this works.

Rich