[PATCH] Hal privilege separation
Kent Schumacher
kent at structural-wood.com
Fri Jan 20 09:34:14 PST 2006
Artem Kachitchkine wrote:
>
>> How does it work? Just before it drops its root privs, a small program is
>> started up which will remain running as root and does the real
>> execution of the addons/probes/callouts on hal's behalf.
>
>
> Does hald-runner exist only so that the addons have a privileged
> ancestor they can inherit privileged uid/gid from? If so, wouldn't it be
> much easier if hald regained its privileges temporarily before exec'ing
> an addon and dropping them immediately after?
>
> Also, this assumes that all addons/probes/callouts must run as root.
> What if some of them don't?
>
> -Artem.
Another issue that needs addressing is that there is a huge difference
between one and many.
If I do a process list and see one hal daemon I can probably remember
that it is supposed to be there.
If instead I see six (or maybe seven, or five) hal processes running
setuid I'm going to have a bit of a problem remembering if all of them
are valid.