[PATCH] [RFC] Always run hald as non-root

Sjoerd Simons sjoerd at luon.net
Mon Feb 7 15:07:13 PST 2005


Hi,

  Since I seem to be in an extreme mood anyway, attached is a patch that
  will make hal always drop permissions to non-root. Also it removes keeping
  the net admin capability as it's not being used anymore. 

  I think it's the right way to do things. There should be no reason to run
  hald as root ever and forcing it from the start of the development cycle is
  a good way of ensuring that :)

  It would also be nice to have the addons that need to start out as root (like
  the ups one) drop permissions as soon as possible (one can never be too
  sure)... Probably a utility function would be nice for that, but I don't know
  where to place it (as the addons and probers live in different dirs)

  Sjoerd
    PS tomorrow, I'll go back to normal patches again, I promise :p
-- 
You have to run as fast as you can just to stay where you are.
If you want to get anywhere, you'll have to run much faster.
		-- Lewis Carroll
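The message above asks for a shared utility that lets addons started as root drop to an unprivileged user as early as possible. The following is an added example of such a helper, written for this page and not taken from HAL; the names drop_privileges_to(), drop_privileges_to_ids() and the DROP_* codes are this example's own. It assumes Linux/glibc (setresuid(), setresgid(), getresuid()) and, unlike the hald code in the patch, returns a status instead of exiting so that an addon or prober can decide what to do. It keeps the order the hald function uses (groups, then gid, then uid), retains no capabilities (no PR_SET_KEEPCAPS, so setuid() clears them), is a no-op when the process already runs as the target user, and then verifies that root cannot be regained rather than trusting the return codes alone.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Added example, not HAL code: status codes for the hypothetical helper. */
enum drop_status {
    DROP_OK = 0,
    DROP_ENOUSER,      /* getpwnam() found no such user */
    DROP_ENOGROUP,     /* getgrnam() found no such group */
    DROP_ESETGROUPS,   /* initgroups() failed */
    DROP_ESETGID,      /* setresgid() failed */
    DROP_ESETUID,      /* setresuid() failed */
    DROP_EVERIFY       /* ids are not what we asked for, or root came back */
};

/* True when real, effective and saved ids are all already the target. */
static int running_as(uid_t uid, gid_t gid)
{
    uid_t ru, eu, su;
    gid_t rg, eg, sg;
    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return 0;
    return ru == uid && eu == uid && su == uid &&
           rg == gid && eg == gid && sg == gid;
}

/* Core step by numeric ids; `user` is only needed for initgroups().
 * Idempotent: returns DROP_OK without touching anything if already there. */
int drop_privileges_to_ids(const char *user, uid_t uid, gid_t gid)
{
    if (running_as(uid, gid))
        return DROP_OK;

    /* Order matters: supplementary groups and gid first, while we still have
     * the privilege to change them; uid last, because after that no further
     * id changes are possible. */
    if (initgroups(user, gid) != 0)
        return DROP_ESETGROUPS;
    if (setresgid(gid, gid, gid) != 0)
        return DROP_ESETGID;
    /* Setting all three uids leaves no saved uid 0 to come back to. */
    if (setresuid(uid, uid, uid) != 0)
        return DROP_ESETUID;

    /* Verify rather than trust: ids must match, and if we dropped away from
     * root, getting it back must now fail. */
    if (!running_as(uid, gid))
        return DROP_EVERIFY;
    if (uid != 0 && setuid(0) == 0)
        return DROP_EVERIFY;
    return DROP_OK;
}

/* Name-based front end, the shape the message asks for: resolve the user and
 * group, then drop. */
int drop_privileges_to(const char *user, const char *group)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return DROP_ENOUSER;
    struct group *gr = getgrnam(group);
    if (gr == NULL)
        return DROP_ENOGROUP;
    return drop_privileges_to_ids(user, pw->pw_uid, gr->gr_gid);
}

int main(int argc, char **argv)
{
    /* Example only: a real addon would use its configured HAL_USER/HAL_GROUP. */
    const char *user = argc > 1 ? argv[1] : "nobody";
    const char *group = argc > 2 ? argv[2] : "nogroup";
    int rc = drop_privileges_to(user, group);
    printf("drop_privileges_to(%s, %s) -> %d, now uid=%u euid=%u\n",
           user, group, rc, (unsigned) getuid(), (unsigned) geteuid());
    return rc == DROP_OK ? 0 : 1;
}
```

Run it as root with a user and group name to see the switch happen, or as that user to see the no-op path; the setuid(0) probe at the end is cheap and catches a future edit that leaves a saved root uid behind. An addon that genuinely needs to keep one capability after the switch would need the PR_SET_KEEPCAPS and cap_set_proc() sequence that the patch removes from hald; this helper deliberately drops everything.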
-------------- next part --------------
? indent.pro
Index: hald/hald.c
===================================================================
RCS file: /cvs/hal/hal/hald/hald.c,v
retrieving revision 1.22
diff -u -r1.22 hald.c
--- hald/hald.c	31 Jan 2005 20:06:39 -0000	1.22
+++ hald/hald.c	7 Feb 2005 23:05:40 -0000
@@ -237,13 +237,11 @@
 static int startup_daemonize_pipe[2];
 
 /** Drop all but necessary privileges from hald when it runs as root.  Set the
- *  running user id to HAL_USER and group to HAL_GROUP and grant the following 
- *  capabilities: CAP_NET_ADMIN
+ *  running user id to HAL_USER and group to HAL_GROUP
  */
 static void
 drop_privileges ()
 {
-    cap_t cap;
     struct passwd *pw = NULL;
     struct group *gr = NULL;
 
@@ -261,12 +259,6 @@
 	exit (-1);
     }
 
-    /* keep capabilities and change uid/gid */
-    if( prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0)) {
-	HAL_ERROR (("drop_privileges: could not keep capabilities"));
-	exit (-1);
-    }
-
     if( initgroups (HAL_USER, gr->gr_gid)) {
 	HAL_ERROR (("drop_privileges: could not initialize groups"));
 	exit (-1);
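Review bot: removing PR_SET_KEEPCAPS is what makes the later setuid() actually clear the capability sets, so this part is right; but the exit(-1) paths on either side of it (setgid above, initgroups here) now apply to every start of hald rather than only to runs with --drop-privileges, which matters for the main() hunk below. If <sys/prctl.h> was included only for this prctl() call, drop that include as well.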
@@ -281,20 +273,6 @@
 	HAL_ERROR (("drop_privileges: could not set user id"));
 	exit (-1);
     }
-
-    /* only keep necessary capabilities */
-    cap = cap_from_text ("cap_net_admin=ep");
-
-    if(cap_set_proc(cap)) {
-	HAL_WARNING (("Your kernel does not support capabilities; some features will not be available."));
-	/* we do not fail on kernels which do not support capabilities, since
-	 * only very few features actually depend on them */
-    }
-
-    if(cap_free (cap)) {
-	HAL_ERROR (("drop_privileges: cap_free"));
-	exit (-1);
-    }
 }
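Review bot: after the setuid() whose failure is reported at the top of this hunk, the function now returns without confirming that root cannot be regained, and the removed cap_set_proc() block was the last thing that touched privilege state after the switch. Since the point of the patch is that hald never runs as root, add a positive check after the setuid(), e.g. `if (setuid (0) == 0) { HAL_ERROR (("drop_privileges: could regain root")); exit (-1); }` or a getresuid() comparison against pw->pw_uid, so that a saved uid left behind by a future change is caught rather than silently ignored. Also worth a line in the commit message: the "kernel does not support capabilities" warning path disappears here, so behaviour is now identical on all kernels.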
 
 
@@ -309,7 +287,8 @@
 {
 	GMainLoop *loop;
 	guint sigterm_iochn_listener_source_id;
-
+  
+  drop_privileges();
 	openlog ("hald", LOG_PID, LOG_DAEMON);
 
 	g_type_init ();
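Review bot: the added lines use two-space indentation while the rest of this function uses tabs (compare the `GMainLoop *loop;` line above), and the first added line is whitespace-only; please match the file's tab indentation. More importantly, calling drop_privileges() unconditionally before option parsing changes two things: (1) hald started by an unprivileged user, or directly as HAL_USER, will now fail in the setgid()/setuid() error paths and exit(-1), where previously it simply ran without the flag; consider skipping the switch when getuid() already equals the target uid, and (2) the HAL_ERROR calls inside drop_privileges() now run before openlog(), so if they are routed to syslog the failure reason may never reach the log. Moving the call to just after openlog() (and after option parsing, so --help works as non-root) keeps the "always drop" intent.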
@@ -328,7 +307,6 @@
 			{"daemon", 1, NULL, 0},
 			{"verbose", 1, NULL, 0},
 			{"help", 0, NULL, 0},
-			{"drop-privileges", 0, NULL, 0},
 			{NULL, 0, NULL, 0}
 		};
 
@@ -362,8 +340,7 @@
 					usage ();
 					return 1;
 				}
-			} else if (strcmp (opt, "drop-privileges") == 0)
-				drop_privileges ();
+			}
 			break;
 
 		default:
-------------- next part --------------
_______________________________________________
hal mailing list
hal at lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/hal