[PATCH] Hal privilige seperation
David Zeuthen
david at fubar.dk
Sat Jan 21 15:35:46 PST 2006
On Sat, 2006-01-21 at 15:25 -0800, Artem Kachitchkine wrote:
> > Also we probably only want to accept
> > connections from uid 0 as an extra check just in case someone guesses
> > the address..
>
> This is especially important for OSes without abstract sockets - which
> is pretty much OS except Linux - where HAL's p2p sockets will actually
> appear in /tmp.
Good point.
> A more portable and secure way to maintain private connections would be
> socketpair(), passing descriptors through fork inheritance. One of these
> days I'll think about adding this to D-BUS.
Cool, this would be really useful
Cheers,
David
More information about the hal
mailing list