My notes on making encrypted filesystems 'Just Work(tm)'
David Zeuthen
david at fubar.dk
Wed Dec 15 13:59:47 PST 2004
On Wed, 2004-12-15 at 13:06 -0600, W. Michael Petullo wrote:
> Okay. Is the specification for this interface complete yet? I would want
> to know if the will be a safe way to transmit a password from hal to
> methods.d/foo. Will hal be able to pass data to foo using pipes? Or will
> parameters be encapsulated into foo's environment? I see two possible
> techniques here, similar to CGI's POST and GET (sensitive information
> should not be transmitted using GET). I'm sure there is other
> possibilities too.
>
Well, my current thinking involves just passing the parameters in the
environment; here's an idea
HAL_METHOD_INTERFACE=org.foo.Bar.Baz
HAL_METHOD_METHOD_NAME=DoTheThing
HAL_METHOD_NUM_PARAM=2
HAL_METHOD_PARAM1_TYPE=string
HAL_METHOD_PARAM1=foobar
HAL_METHOD_PARAM2_TYPE=int
HAL_METHOD_PARAM2=-32
We'd have to figure out how to throw exceptions and do return types.
Does this way of doing it, pose a problem security-wise? Also remember
that root can intercept all messages on the system message bus (which,
incidentally, can be good for auditing).
Cheers,
David
_______________________________________________
hal mailing list
hal at lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/hal
More information about the Hal
mailing list