Patch to allow for privacy-protected /proc
Martin Pitt
martin.pitt at ubuntu.com
Wed Dec 2 15:32:03 PST 2009
Johannes Bauer [2009-12-02 19:43 +0100]:
> Your code also suggest that this problem was anticipated: support for
> initgroups(2) was not completely removed, but made conditional (with the
> variable controlling its call hardcoded to 0).
It actually had a wildly different background. In its early childhood,
hald ran as unprivileged system user with some extra groups which
allowed it device access (such as a "plugdev" group to mount USB
sticks), at least on some distros. Those were the days... :-)
It was never meant to be used for privacy reasons, and it would feel a
bit overkill and a step backwards to me to introduce a new system
group for /proc, when we have worked hard to eliminate the need for
most of these groups now.
Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
More information about the hal
mailing list