[PATCH] Hal privilege separation

Artem Kachitchkine Artem.Kachitchkin at Sun.COM
Fri Jan 20 16:43:59 PST 2006


> I was thinking the attack vector would be hald handling a D-BUS message
> in a way that would cause a buffer overflow thus allowing the
> unprivileged caller to execute code in the hal daemon. 

In the alternative I suggested, hald would also run unprivileged most of 
the time, except for a few lines of code that invoke a helper. But it 
would be susceptible to the attack you described, if malicious code 
executes seteuid(0). That's a fair concern and I'm happy with the patch 
as it is.

-Artem.
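
The difference between the two designs discussed in this thread, as an added example that is not part of the original message or the HAL patch: a seteuid()-only drop leaves the real and saved uid at 0, so code injected into the daemon can call seteuid(0), while a permanent drop changes all three ids. The function names and the uid 1000 used in the model are assumptions made for illustration.

```c
/* Added example, not HAL code. Names and sample ids are constructed. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Model of the kernel rule: seteuid(target) succeeds for an unprivileged
 * process only if target is its real, effective or saved uid.
 * euid == 0 stands in for "privileged" (CAP_SETUID on Linux). */
int seteuid_permitted(uid_t ruid, uid_t euid, uid_t suid, uid_t target)
{
    return euid == 0 || target == ruid || target == euid || target == suid;
}

/* Live probe: 1 if this process can get euid 0 back, 0 if not,
 * -1 if it got root back but could not drop it again. */
int root_recoverable(void)
{
    uid_t old = geteuid();
    if (old == 0)
        return 1;
    if (seteuid(0) != 0)
        return 0;
    return seteuid(old) == 0 ? 1 : -1;
}

/* Temporary drop: only the effective uid changes; real and saved stay 0. */
int drop_temporarily(uid_t uid)
{
    return seteuid(uid);
}

/* Permanent drop, called while euid is 0: setuid() then sets the real,
 * effective and saved uid together. Groups go first, then the result is
 * verified instead of trusted. */
int drop_permanently(uid_t uid, gid_t gid)
{
    if (uid == 0 || geteuid() != 0)
        return -1;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    return root_recoverable() != 0 ? -1 : 0;
}

int main(void)
{
    printf("root recoverable now: %d\n", root_recoverable());
    printf("model, euid-only drop: %d\n", seteuid_permitted(0, 1000, 0, 0));
    printf("model, full drop: %d\n", seteuid_permitted(1000, 1000, 1000, 0));
    return 0;
}
```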

