G-P-M on the wrong track?!
martin at piware.de
Mon Oct 17 05:23:18 PDT 2005
Danny Kukawka [2005-10-17 13:22 +0200]:
> On Monday 17 October 2005 10:24, Martin Pitt wrote:
> > Hal can currently run perfectly without root privileges,
> IMO this is not correct. Please take a look at the difference between detected
> devices with and without --retain-privileges option (in my case e.g. 60
> devices without privileges and 71 with).
Yes, sorry, regard my initial post as s/perfectly/well enough/ :-)
> But this is IMO a personal taste.
IMHO not. hal is such a complex program that it would be insane to
assume that it has no vulnerabilities. So in terms of security and
minimal privileges, it should always run as non-root.
> > and it should
> > stay that way. Every task that requires root privileges belongs into a
> > separate program (which might be a daemon, or dbus service) that is
> > small, specific, can be audited, and has a clearly defined an minimal
> > interface to the user.
> General I agree (specially for such big subject area as powermanagement), but
> there are also some little problems where it maybe make sense to have a HAL
> addon to set some propertys for devices to prevent develop a damon only to
> set one property.
A suid root callout (which can only be called by hal) for these things
makes sense. Of course it is still more effort than just throwing the
code into hald itself, but it is worth the effort. It's still less
effort than maintaining an extra source package for a dbus service.
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
In a world without walls and fences, who needs Windows and Gates?
More information about the hal