Policy for storage devices
John (J5) Palmieri
johnp at redhat.com
Thu Oct 14 13:50:50 PDT 2004
On Thu, 2004-10-14 at 16:39 -0400, David Zeuthen wrote:
>
> However, the point of hal is to merge *all* interesting information
> about a device and this does include policy. If and when we get a public
> device information file repository we need to ensure that these files
> doesn't contain policy.
Hmm, interesting point. Perhaps we should jail off policy so that
informational fdi files and policy fdi files can not be contained in the
same file but since policy is keyed off of device information this
wouldn't add that much more security. (i.e. a malicious fdi file
changes all removable media to be marked as internal and get internal
drive privileges). I would guess the best thing to do is if we add a
tool to easily add fdi files to do some heuristics and warn the user if
the fdi file looks fishy. Otherwise the danger is no worse than
installing an untrusted RPM from some random site. You need to be root
to install fdi files so it is a do it at your own risk sort of thing.
--
John (J5) Palmieri
Associate Software Engineer
Desktop Group
Red Hat, Inc.
Blog: http://martianrock.com
_______________________________________________
hal mailing list
hal at freedesktop.org
http://freedesktop.org/mailman/listinfo/hal
More information about the Hal
mailing list