hal privileges [was: Re: [Utopia] gnome-mount 0.3 is out]
David Zeuthen
david at fubar.dk
Thu Jan 12 18:42:00 PST 2006
Hi,
Please refrain from top-posting, thanks,
On Thu, 2006-01-12 at 13:08 -0500, Phillip Susi wrote:
> You are still completely ignoring the issue of security and have the
> same attitude that Microsoft does, which is to say, that users at the
> console should just log in as root.
>
> There are a million good reasons to worry about security, and there are
> a lot of hal users who do, if you do not, that is your choice, but do
> not claim that nobody should worry about about it.
I can assure you that I care about security.
> One example where a lot of people would worry is with a laptop. A
> business person often walks around with data on their laptop that is far
> more valuable than the laptop itself, which is why they may choose to
> encrypt the hard drive. Someone can steal the laptop and smash it to
> bits, but their data is safe because they encrypted it, but if someone
> can plug in a usb stick that will root the laptop and steal their data,
> and even install a keylogger that can capture other sensitive
> information like passwords, long after the user takes the laptop back
> home and has no idea they are being spied on.
>
> Another example is a photo printing kiosk in a store. The clerks would
> notice someone taking an axe to the kiosk, but the real problem is if
> someone can bring in a usb stick that instead of printing out photos,
> would reconfigure the kiosk to send them copies of everyone's photos.
If you carefully read the thread again I wasn't saying this issue wasn't
serious, but, dude, there's a world of difference between an exploit
requiring physical access and one that doesn't. If an attacker have
physical access you most likely already lost. In other words, if I owned
a photo kiosk I'd kickstart my machines every night. It's that simple.
Hmm.. CVS HEAD of the HAL daemon with the Linux 2.6 backend has around
26K LOC. Suggest that you look at the ~10 million lines of code in the
Linux kernel. They too run with maximum privileges.
Btw, the proposal that will make the Ubuntu/Debian people happy will
*not* fix this problem. A simple patch to the files
hald/linux2/probing/probe-volume.c
hald/linux2/probing/probe-storage.c
will however. Why don't you just send me the patch?
(btw, I think we get this stuff from udev these days so why don't you go
pick on the udev maintainer (Kay) for running /sbin/vol_id as root? Oh,
that is, once you dealt with abusing the kernel people after reviewing
their 10M LOC?)
> If you don't care about security, that's your choice, but you don't
> write software for general public use with that mentality, because some
> people DO care.
You know, personal attacks like this is a great way to piss off free
software maintainers. Thanks for using HAL.
David
More information about the hal
mailing list