[PATCH] Hal privilege separation

Artem Kachitchkine Artem.Kachitchkin at Sun.COM
Fri Jan 20 13:59:49 PST 2006


>>Kernel does not allow unprivileged users to trace/debug/modify 
>>setuid processes - see ptrace(2) man page.
> 
> No one is talking about using setuid binaries here.

Neither am I. I mean root processes that drop privileges using the setuid(2) 
system call, which hald presently does. ptrace(2) on the hald process will 
fail for unprivileged users even after dropping privileges. You won't be 
able to alter the process .text if you're not root.

-Artem.

