[MPlayer-dev-eng] [PATCH] Frame stepping (i.e. seeking while paused)
D Richard Felker III
dalias at aerifal.cx
Thu Jul 8 17:33:10 CEST 2004
On Thu, Jul 08, 2004 at 04:42:20PM +0300, Jan Knutar wrote:
> On Thursday 08 July 2004 16:51, D Richard Felker III wrote:
>
> > No, it's basically impossible to make it secure. Remember it has to
> > have root privs to open the vo for some stupid vo's. The solution is
> > not to make mplayer suid at all.
>
> Well, if mplayer needs root to open stupid vo's, then mplayer has to be
> suid. Not suid -> no vo, no joy.
No, the user has to login as root. Making it suid is the equivalent of
making ALL users root, which is much worse than having to "su" up to
root when you want to play a movie.
> If you don't use stupid vo's, then mplayer does not have to be uid 0
> after setting itself realtime and mlocked -> drop privs?
Making mplayer realtime is incredibly dumb since it can and will lock
up the system on bad movies. In fact making any process realtime is
incredibly dumb.
> I know making mplayer secure is possibly quite impossible, but I just
> don't see the logic in saying "MPlayer needs root to open some vo.
> Solution: Don't give it root."
I said don't give it suid.
> Maybe it'd be easier to make a new syscall that would enable mlockall()
> on processes other than the current :-)
That would make a lot more sense. Actually you could do it via /proc:
mmap /proc/[pid]/mem and mlock it.
Rich
More information about the MPlayer-dev-eng
mailing list