[PATCH] Hal privilige seperation

David Zeuthen david at fubar.dk
Fri Jan 20 12:20:10 PST 2006


On Fri, 2006-01-20 at 08:13 -0800, Artem Kachitchkine wrote:
> >   How does it work? Just before drops it's root privs. a small program is
> >   startup which will remain running as root and does the real execution of the
> >   addons/probes/callouts on hals behalf.
> 
> if hald regained its privileges temporarily before exec'ing 
> an addon and dropping them immediately after?

This sounds pretty dangerous; what if I somehow inject code into the
hald process.. then I can become root?

> Also, this assumes that all addons/probes/callouts must run as root. 
> What if some of them don't?

Then they drop privileges as the very first thing.

    David




More information about the hal mailing list