[PATCH] Hal privilege separation

Artem Kachitchkine Artem.Kachitchkin at Sun.COM
Fri Jan 20 13:48:46 PST 2006


>>if hald regained its privileges temporarily before exec'ing 
>>an addon and dropping them immediately after?
> 
> This sounds pretty dangerous; what if I somehow inject code into the
> hald process.. then I can become root?

If anyone could inject code into hald, we'd be screwed in many other 
ways :) The kernel does not allow unprivileged users to trace/debug/modify 
setuid processes - see ptrace(2) man page.

-Artem.
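
The exchange above turns on whether a daemon that drops privileges keeps a way back to root. As an added example (not code from this message or from the hal project), this C program contrasts a temporary drop with seteuid(), which leaves the saved UID at 0, with a permanent drop that is verified afterwards; the function names and the UID/GID 65534 are assumptions.

```c
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* With these real/effective/saved UIDs, would a plain seteuid(0) succeed?
 * The kernel allows it when the real or saved UID is 0 (or euid already is). */
int can_regain_root(uid_t ruid, uid_t euid, uid_t suid) {
    return ruid == 0 || euid == 0 || suid == 0;
}

/* Temporary drop: only the effective UID changes, root stays in reserve. */
int drop_temporarily(uid_t uid) { return seteuid(uid); }

/* Permanent drop. Call while euid is 0: only then does setuid() overwrite
 * the real, effective and saved UID together. Groups go first, since they
 * can no longer be changed once the UID is gone. */
int drop_permanently(uid_t uid, gid_t gid) {
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify rather than trust: regaining root must now fail. */
    if (uid != 0 && (seteuid(0) == 0 || setuid(0) == 0))
        return -1;
    return (getuid() == uid && geteuid() == uid) ? 0 : -1;
}

int main(void) {
    const uid_t uid = 65534; /* assumed unprivileged account ("nobody") */
    const gid_t gid = 65534; /* assumed unprivileged group */
    if (geteuid() != 0) {
        puts("run as root to exercise the drop functions");
        return 0;
    }
    if (drop_temporarily(uid) != 0) { perror("seteuid"); return 1; }
    uid_t dropped = geteuid();
    int back = seteuid(0); /* succeeds: the saved UID is still 0 */
    printf("temporary drop: euid was %d, seteuid(0) %s\n", (int)dropped,
           back == 0 ? "succeeds" : "fails");
    if (drop_permanently(uid, gid) != 0) { perror("permanent drop"); return 1; }
    back = seteuid(0); /* fails: no UID of the process is 0 any more */
    printf("permanent drop: euid is %d, seteuid(0) %s\n", (int)geteuid(),
           back == 0 ? "succeeds" : "fails");
    return 0;
}
```
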

