[PATCH] Hal privilige seperation

[Artem Kachitchkine]

>>Kernel does not allow unprivileged users to trace/debug/modify 
>>setuid processes - see ptrace(2) man page.
> 
> No one is talking about using setuid binaries here.

Neither do I. I mean root processes that drop privileges using setuid(2) 
system call, which hald presently does. ptrace(2) on hald process will 
fail for unprivileged users even after dropping privileges. You won't be 
able to alter process .text if you're not root.

-Artem.