Some privilege reduction patches; take #2

Martin Pitt martin at piware.de
Thu Feb 23 04:57:21 PST 2006


Hi Sjoerd!

Sjoerd Simons [2006-02-23 13:01 +0100]:
> On Thu, Feb 23, 2006 at 12:44:54PM +0100, Martin Pitt wrote:
> > Hi David!
> > 
> > David Zeuthen [2006-02-22 16:13 -0500]:
> > > On Tue, 2006-02-21 at 16:26 +0100, Martin Pitt wrote:
> > > > Thanks for considering, and have a nice day!
> > > 
> > > Thanks for the patch. I've committed everything 
> > 
> > Thank you!
> > 
> > > except for the addon-storage privilege dropping. I don't really know
> > > what to do there...
> > 
> > Me neither unfortunately; udev's flexibility also has it's downsides ;)
> > But with the committed bits, distribution specific customization is
> > trivial, so I think that should be good enough for now.
> 
> Maybe we could patch addon-storage to run as user hal by default, but temporary
> raise permissions when it wants to do an open() call? 

That would mean that the saved uid had to stay root, which makes the
whole priv reduction quite pointless. :)

Martin

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: Digital signature
Url : http://lists.freedesktop.org/archives/hal/attachments/20060223/79654715/attachment.pgp


More information about the hal mailing list