[PATCH] Hal privilege separation
Sjoerd Simons
sjoerd at luon.net
Fri Jan 20 03:08:39 PST 2006
Hi,
As most people probably know by now, various people don't really like
hal running as root. We'd much rather see only a small process running as
root and the main hal process running unprivileged. Which is exactly what
this patch does :)
How does it work? Just before hald drops its root privs, a small program is
started which will remain running as root and does the real execution of the
addons/probes/callouts on hal's behalf. Communication between hald
and hald-runner is done via a p2p dbus connection, resulting in a process
tree like this:
hal   /usr/sbin/hald
root   \_ /usr/lib/hal/hald-runner
root       \_ /usr/lib/hal/hald-addon-acpi
root       \_ /usr/lib/hal/hald-addon-storage
root       \_ /usr/lib/hal/hald-addon-storage
The patch consists of two parts. First the implementation of hald-runner,
which is about 700 lines of code. And then a part transforming the hald code
from the current spawning code in utils to an interface that can talk to the
runner.
For Debian people who want to test this, I've uploaded a hal 0.5.6 package to
experimental with this patch. It's been running on my personal machines fine
for a few days (i.e. vanilla hal with retained privs and patched hal show the
same devices/device information).
Obviously I don't want to maintain this as a specific patch for Ubuntu and
Debian, so please let me know what issues you see with it, if any.
Sjoerd
--
Before you ask more questions, think about whether you really want to
know the answers.
-- Gene Wolfe, "The Claw of the Conciliator"
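The hald/hald-runner split described in the mail, as an added illustration that is not part of the patch or of hal itself: the runner is forked while the daemon is still root, the daemon then drops privileges and can only ask the runner to start helpers from a fixed directory, which the runner checks itself. It assumes a socketpair in place of the p2p D-Bus link and a forked function in place of the separate hald-runner binary; the request paths are constructed.

```c
/* Privilege separation in the style of hald/hald-runner (illustration only).
 * ASSUMPTIONS: a socketpair stands in for the p2p D-Bus link, and the runner
 * is a forked function rather than the separate hald-runner binary. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/wait.h>
#define ADDON_DIR "/usr/lib/hal/"   /* directory shown in the mail's process tree */
/* Runner-side policy: a request must name a file directly inside ADDON_DIR,
 * with no traversal and no shell metacharacters; the runner never trusts hald. */
int runner_allowed(const char *req)
{
    size_t n = strlen(ADDON_DIR);
    if (strncmp(req, ADDON_DIR, n) != 0) return 0;
    const char *base = req + n;
    if (*base == '\0' || strchr(base, '/') || strstr(req, "..")) return 0;
    return strpbrk(base, " \t\n;|&$`") == NULL;
}
/* Drop to an unprivileged identity: gid before uid, then verify root is really
 * gone. A full implementation also clears supplementary groups (setgroups). */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    return (uid != 0 && setuid(0) == 0) ? -1 : 0;
}
/* Runner loop: one newline-terminated path per request, verdict written back. */
static void runner_main(int fd)
{
    char req[256]; ssize_t r;
    while ((r = read(fd, req, sizeof req - 1)) > 0) {
        req[r] = '\0'; req[strcspn(req, "\n")] = '\0';
        if (!runner_allowed(req)) { write(fd, "DENIED\n", 7); continue; }
        if (fork() == 0) { execl(req, req, (char *)NULL); _exit(127); }
        write(fd, "STARTED\n", 8);
    }
}
int main(void)
{
    int sv[2]; char reply[16]; ssize_t r;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 1;
    if (fork() == 0) { close(sv[0]); runner_main(sv[1]); _exit(0); } /* forked while still root */
    close(sv[1]);
    if (getuid() == 0 && drop_privileges(65534, 65534) != 0) return 1; /* hald -> nobody */
    const char *reqs[] = { ADDON_DIR "hald-addon-acpi\n", ADDON_DIR "../../bin/sh\n" }; /* constructed */
    for (int i = 0; i < 2; i++) {
        write(sv[0], reqs[i], strlen(reqs[i]));
        if ((r = read(sv[0], reply, sizeof reply - 1)) > 0) { reply[r] = '\0'; printf("%.*s -> %s", (int)strcspn(reqs[i], "\n"), reqs[i], reply); }
    }
    close(sv[0]); wait(NULL); return 0;
}
```

When run as root the daemon side ends up as uid 65534 while the runner keeps root, which is the process tree the mail shows; run unprivileged, the policy check still demonstrates that only plain files directly under the addon directory are ever executed.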