Remove sudo dependency
#18
Assignees
Labels
breaking change
Changes to public functions that are not backwards compatible
dependencies
Pull requests that update a dependency file
documentation
Improvements or additions to documentation
Comments
daniil-berg
added
documentation
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
To somewhat mitigate the potential security vulnerability that comes from running third-party programs like
ffmpegas sub-processes, we currently provide thecheck_userconfig option that makes Videbo launch those sub-processes withsudo -u <check_user> <command>.This is not a particularly elegant way to solve the underlying issue and forces Videbo to rely specifically on
sudoas a dependency for this functionality.There are different sandboxing tools out there (e.g. Bubblewrap) that could be used to run those programs more safely and we should leave the choice to the user.
The entire
check_userlogic and the config option should be removed.sudoshould be removed as requirement from the documentation. Instead a working example configuration with something like Bubblewrap should be provided to demonstrate how a more secure setup could look.The text was updated successfully, but these errors were encountered: