Some privilege reduction patches; take #2
Martin Pitt
martin at piware.de
Thu Feb 23 04:57:21 PST 2006
Hi Sjoerd!
Sjoerd Simons [2006-02-23 13:01 +0100]:
> On Thu, Feb 23, 2006 at 12:44:54PM +0100, Martin Pitt wrote:
> > Hi David!
> >
> > David Zeuthen [2006-02-22 16:13 -0500]:
> > > On Tue, 2006-02-21 at 16:26 +0100, Martin Pitt wrote:
> > > > Thanks for considering, and have a nice day!
> > >
> > > Thanks for the patch. I've committed everything
> >
> > Thank you!
> >
> > > except for the addon-storage privilege dropping. I don't really know
> > > what to do there...
> >
> > Me neither unfortunately; udev's flexibility also has it's downsides ;)
> > But with the committed bits, distribution specific customization is
> > trivial, so I think that should be good enough for now.
>
> Maybe we could patch addon-storage to run as user hal by default, but temporary
> raise permissions when it wants to do an open() call?
That would mean that the saved uid had to stay root, which makes the
whole priv reduction quite pointless. :)
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
In a world without walls and fences, who needs Windows and Gates?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: Digital signature
Url : http://lists.freedesktop.org/archives/hal/attachments/20060223/79654715/attachment.pgp
More information about the hal
mailing list