everyone is allowed to call so
org.freedesktop.Hal.Device.SetProperty*
Joe Shaw
joeshaw at novell.com
Sat Sep 25 08:05:05 PDT 2004
On Sat, 2004-09-25 at 12:47 +0200, Sjoerd Simons wrote:
> I noticed that currently everyone is allowed to call the SetProperty* dbus
> methods on org.freedesktop.Hal.Device. Is this really a good id, i think
> applications should be able to trust the information hal provides. Which this
> basically undermines imho.
One of the items in the TODO is to limit the ability for anything to
call SetProperty. One idea is to let outsiders only set user.*
properties. Another is to have hal.conf (more likely a hal.conf.d
directory) allow apps to drop in a configuration rule which makes a
certain binary trusted. The princple downside to this is that verifying
the caller would require the daemon be run as root.
So, yeah, you're right: it's not the safest thing in the world right
now, and it's something that will need to be fixed before HAL is
production quality.
Joe
_______________________________________________
hal mailing list
hal at freedesktop.org
http://freedesktop.org/mailman/listinfo/hal
More information about the Hal
mailing list