[PATCH] Hal privilege separation

Kent Schumacher kent at structural-wood.com
Fri Jan 20 09:34:14 PST 2006


Artem Kachitchkine wrote:
> 
>>   How does it work? Just before it drops its root privs, a small program is
>>   started up which will remain running as root and does the real execution
>>   of the addons/probes/callouts on hal's behalf.
> 
> 
> Does hald-runner exist only so that the addons have a privileged 
> ancestor they can inherit privileged uid/gid from? If so, wouldn't it be 
> much easier if hald regained its privileges temporarily before exec'ing 
> an addon and dropping them immediately after?
> 
> Also, this assumes that all addons/probes/callouts must run as root. 
> What if some of them don't?
> 
> -Artem.

Another issue that needs addressing is that there is a huge difference 
between one and many.

If I do a process list and see one hal daemon I can probably remember 
that it is supposed to be there.

If instead I see six (or maybe seven, or five) hal processes running 
setuid I'm going to have a bit of a problem remembering if all of them 
are valid.

