[MPlayer-users] Gmplayer with -vo xvidix

P.L.Hayes paul at cityhall.uklinux.net
Sat Apr 5 05:41:51 CEST 2003


Hello, 
	I just subscribed to this mailing list and noticed Rob Berquist's gmplayer 
problem in the archives. I've had the same problem with other programs that 
use the gtk libraries. The gtk lib does not allow you to run it's code with 
the setuid bit on, you get a message telling you to create a helper program 
and a web page url; http://www.gtk.org/setuid.html for further details. 
Unfortunately that page does not tell you how to create the helper program.

	There are two solutions, the first being that you may already have such a 
helper program on your machine, look for progs with helper or wrapper in 
their names. If that doesn't work it is easy to knock one up like so;

Create a file bypassgtk.c with the following innards:

#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>
#include <errno.h>

int main(int argc , char **argv) {
	extern char **environ;
	if  (setuid((uid_t)0) == 0){
		printf("Executing mplayer ....\n");
		if (execve("/usr/local/bin/mplayer",argv,environ) != 0);
		perror("Can't exec mplayer");
	}
	printf("Exec mplayer failed\n");
	return 1;
}

Then save it and compile it with "gcc -o gmplayer bypassgtk.c", remove the 
link /usr/local/bin/gmplayer and replace it with the new gmplayer you just 
compiled. Lastly you need to (as root) "chmod u+s /usr/local/bin/gmplayer".
Obviously you need to replace /usr/local/bin with the correct path if it is 
different -- especially in the code above ! 

	You can also copy the new gmplayer to e.g smplayer so that you 
don't need to be root when using xvidix\dga\/dev/rtc but not using the gui.
Finally you can improve security by making gmplayer/smplayer owned by some 
special group (e.g. "chown root.video [gs]mplayer") and executable only by 
members of that group ("chmod o-x,g+x [gs]mplayer"). Use whatever security 
tools you have to ensure that the mplayer binary or the libs it depends on 
aren't trojan'd and you should be ok. If your machine is single user you 
could just put gmplayer/smplayer in your own private bin.
	Cheers, 
		Paul.   



More information about the MPlayer-users mailing list