hal privileges [was: Re: [Utopia] gnome-mount 0.3 is out]

Martin Pitt martin at piware.de
Thu Jan 12 08:55:45 PST 2006


Hi!

David Zeuthen [2006-01-12 11:27 -0500]:
> Sigh... If the user is able to insert a USB key to the system, then he
> is also able to wield an axe through it and destroy it that way. Sure,
> let's fix that bug, but, for the love of $DEITY, this is _not_ an attack
> vector that is worth bothering about. 

It is your right to not care about it, but we do.  E. g. I'm sure that
you have already seen one of these nice automata to print photos that
you provide on CD-ROM or an USB stick?

Also, we offer solutions for terminal servers and for multiseat
configurations, and we do not want to rule out the possiblity of
physical security by design. There are people out there whose data is
more valuable than the computer they process them with (as a counter
argument against the slashaxe DoS).

So whether or not you need to worry about this kind of DoS is a matter
of what you want to do with software. As long as you just use your USB
stick at your standard home PC, this is not an issue of course.

> No, I don't want to hear stupid stories about the actual motherboard of
> the system being distant from the terminal.

*shrug* There are just 200 physically locked boxes in the computer lab
of my uni, but I'll shut my mouth.

> It all comes down to who is at the console and what that means. Can you
> understand why I some people think it's crazy to call that an attack
> vector?

I never claimed that this bug caused the sky to fall, it was just an
example that I digged out after 30 seconds of grepping. There are
people with far more free time and h4x0ry skills than me.

But it all depends on how you label hal. If there is a sticker that
says 'Warning! Do not use for physically secured systems', fine for
me. 

> > If your aim is to provide a generally usable hardware abstraction
> > client, then you just need to think about a sane security
> > archtitecture as well; completely neglecting the topic will not help
> > to increase the trust people put into hal. 
> 
> I am _not_ neglecting this topic and I take offense at you saying I do.

I didn't address you, I answered to Kay's email; Sorry if you felt
that this referred to you.

> > I am happy to go through
> > the discussion and help with improving hald, but only if there is
> > actually some interest from upstream's side.
> 
> There is.

Glad to hear that.

Thanks,

Martin
-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.freedesktop.org/archives/hal/attachments/20060112/6f7f1f87/attachment.pgp


More information about the hal mailing list