[MPlayer-dev-eng] [PATCH] Frame stepping (i.e. seeking while paused)
D Richard Felker III
dalias at aerifal.cx
Fri Jul 9 03:03:24 CEST 2004
On Thu, Jul 08, 2004 at 02:06:20PM -0700, rcooley wrote:
> On Thu, 8 Jul 2004 09:51:28 -0400
> D Richard Felker III <dalias at aerifal.cx> wrote:
>
> > Remember it has to have root privs to open the vo for some stupid
> > vo's.
>
> Umm... But opening the VO can be done rather early, then privs could be
> dropped. Or are you saying that some VOs somehow require you to be root
> the entire time you're writing to them?
By the time the vo is opened, there are countless opportunities for
arbitrary code execution as the user running mplayer. The only
acceptable way to make a program suid is to have it only do _very_
trivial processing of the input from the user invoking the program, or
to have it obtain the restricted resources before processing _any_
input and then fully drop root. If a program cannot meet these
conditions (and MPlayer will never be able to) then it should not be
suid root. Plain and simple.
Rich
More information about the MPlayer-dev-eng
mailing list