Ubuntu

vlc does not run as root

Reported by mia1dolfan on 2008-11-03
2
Affects Status Importance Assigned to Milestone
vlc (Ubuntu)
Wishlist
Unassigned

Bug Description

Binary package hint: vlc

VLC does not run as root.

root@laptop:~# vlc
VLC is not supposed to be run as root. Sorry.
If you need to use real-time priorities and/or privileged TCP ports
you can use vlc-wrapper (make sure it is Set-UID root first and
cannot be run by non-trusted users first).

Before the peaching starts about running as root, I do it because I can. I choose to run as root because I am r00t! While I appreciate concerns for systems security, I understand the risks of running as a root account. I know Ubuntu does a good job of using non-root, however it's my choice. That's one reason why I don't use Windows, because of the lack of choice. I understand I can compile it myself, but then it wouldn't be in the repo and I wouldn't receive security updates. Again please don't preach all the evils of running as root. Can you compile with future versions with --enable-run-as-root?

Thank you.

Changed in vlc:
importance: Undecided → Wishlist
status: New → Triaged
JB VideoLAN (jb-videolan) wrote :

VLC doesn't run in root because a network media player can be subject to security issue...

Use vlc-wrapper or compile your own VLC...

I really hope that the MOTU Media Team will NOT activate that flag at configure.

Jean-Baptiste Kempf <email address hidden> writes:

> I really hope that the MOTU Media Team will NOT activate that flag at
> configure.

For me, I have no plans to do that, but I wanted to give others the
chance to comment on that, like you just did. I merely just triaged that
bug appropriately.

--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4

John Dong (jdong) wrote :

Well I agree with j-b that we shouldn't allow VLC to run as root considering its security history. There's a line to draw between offering users the freedom to break their systems and being plain irresponsible to our userbase.

mia1dolfan (mia1dolfan) wrote :

j-b - isn't vlc-wrapper meant for a unprivileged user to access privileged resources? If that's so how can that help me, since I'm running as a privilege user? I already know I can compile myself as I stated on my original post.

John Dong (jdong) wrote :

You shouldn't be running VLC as a privileged user period. Perhaps configure VLC to drop root privs on startup :)

If you're smart enough to run everything as root you should be smart enough to figure out how to do that. This is otherwise unsupported.

Reinhard Tartler (siretart) wrote :

mia1dolfan <email address hidden> writes:

> j-b - isn't vlc-wrapper meant for a unprivileged user to access
> privileged resources?

no. please read its manpage.

--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4

Rémi Denis-Courmont (rdenis) wrote :

Yes, vlc-wrapper is mostly meant to provide a few select resources to unprivileged users.

Then again, the whole Ubuntu is not meant to be used as root, so I don't see VLC not running as root as a legitimate problem.

mia1dolfan (mia1dolfan) wrote :

To be the big deal is the feeling that big brother is dictating what I can or can not do. It's the principal. My beef is with the developers of VLC, not Ubuntu. No harm in asking.

Jonn Dong said: "If you're smart enough to run everything as root you should be smart enough to figure out how to do that." - that's exactly my point, if I'm smart enough run as root, I should be able to run my apps as root!

For those that may stumble upon this post, this is a work-around that worked me, that should survive updates... - change non_priv_user to a username on your box with UID >1000.

root@laptop:~# cat /usr/local/sbin/vlc
#!/bin/sh

user="non_priv_user"
xhost local:$user ; su -c "/usr/bin/vlc $@" $user

I was able to run videos from the command line and nautilus. In KDE 4.1 I had to change the vlc launch command from vlc to /usr/local/bin/vlc for some reason, even though /usr/local/sbin is first in the path.

Regardless my final solution is to uninstall vlc and use mplayer and xine instead.

apt-get purge vlc
apt-get autoremove

--------------------------

"There's a line to draw between offering users...freedom..." - John Doug

John Dong (jdong) wrote :

For reasons already mentioned this is not a bug.

Changed in vlc:
status: Triaged → Invalid

It would be a bug if "ls" or "bash" reported the same message!!!!!

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers