hal privileges [was: Re: [Utopia] gnome-mount 0.3 is out]
David Zeuthen
david at fubar.dk
Thu Jan 12 09:07:00 PST 2006
On Thu, 2006-01-12 at 17:55 +0100, Martin Pitt wrote:
> > It all comes down to who is at the console and what that means. Can you
> > understand why I some people think it's crazy to call that an attack
> > vector?
>
> I never claimed that this bug caused the sky to fall, it was just an
> example that I digged out after 30 seconds of grepping. There are
> people with far more free time and h4x0ry skills than me.
It's not that I disagree that a potential glitch in hal/udev could cause
privilege escalation assuming physical access to the system.
But... there's a world of difference from a local exploit that requires
you to be at the console... to one that doesn't require physical.
Calling hal dangerous in that sense is frankly not fair.
You know, there's a bunch of other non-fixable and interesting ways to
get privileges if you have physical access. This is just another one..
one that we can actually fix. Btw, it's even possible today, and have
been for a while, to let the helpers drop privileges. No-one just have
bothered because the attack isn't really that significant.
I don't really have the time, the energy nor the inclination to argue
about this any more. I really do hope to see the patch from you or
Matthew that splits hald into two processes.. with this, we can start
shipping the same code. Only by doing this we can pave the way for e.g.
gfloppy to do useful things using HAL. I'd hate to see Ubuntu do one
thing and Red Hat and Novell another. That would just be a waste of
time.
David
More information about the hal
mailing list