[PATCH] Hal privilige seperation
David Zeuthen
david at fubar.dk
Fri Jan 20 12:20:10 PST 2006
On Fri, 2006-01-20 at 08:13 -0800, Artem Kachitchkine wrote:
> > How does it work? Just before drops it's root privs. a small program is
> > startup which will remain running as root and does the real execution of the
> > addons/probes/callouts on hals behalf.
>
> if hald regained its privileges temporarily before exec'ing
> an addon and dropping them immediately after?
This sounds pretty dangerous; what if I somehow inject code into the
hald process.. then I can become root?
> Also, this assumes that all addons/probes/callouts must run as root.
> What if some of them don't?
Then they drop privileges as the very first thing.
David
More information about the hal
mailing list