[PATCH] Hal privilige seperation
David Zeuthen
david at fubar.dk
Fri Jan 20 13:55:40 PST 2006
On Fri, 2006-01-20 at 13:48 -0800, Artem Kachitchkine wrote:
> >>if hald regained its privileges temporarily before exec'ing
> >>an addon and dropping them immediately after?
> >
> > This sounds pretty dangerous; what if I somehow inject code into the
> > hald process.. then I can become root?
>
> If anyone could inject code into hald, we'd be screwed in many other
> ways :)
The whole reason for Sjoerd's patch is to restrict the amount of damage
an attacker can do.
> Kernel does not allow unprivileged users to trace/debug/modify
> setuid processes - see ptrace(2) man page.
No one is talking about using setuid binaries here.
David
More information about the hal
mailing list