Re: hal privileges [was: Re: [Utopia] gnome-mount 0.3 is out]
- From: David Zeuthen <david fubar dk>
- To: Martin Pitt <martin piware de>
- Cc: Jeff Waugh <jdub perkypants org>, utopia-list gnome org, Kay Sievers <kay sievers vrfy org>
- Subject: Re: hal privileges [was: Re: [Utopia] gnome-mount 0.3 is out]
- Date: Thu, 12 Jan 2006 10:04:25 -0500
On Thu, 2006-01-12 at 15:25 +0100, Martin Pitt wrote:
> I was rather referring to a proper dbus service like RedHat did in
> Network Manager: the 'dhcdbd' backend is a dbus service which can be
> invoked from the user space. It is completely separate code, only has
> a very narrow interface, and does not require to run hald itself as
> root. On top of that it provides flexibility: you can install or
> remove it independently of hal. This is how it should be: only give
> privileges to parts that actually need it (a golden rule for a secure
> architecture).
It's also a boatload of work: creating separate projects, tarballs,
version hell, API stability, concurrency issues.

More importantly, I'd say, you miss the connection with the hardware,
e.g. the hal device object. Today we have an extremely nice interface by
which you can say "this piece of hardware has this functionality; you
can invoke these methods" and any relative newcomer can go ahead and
send a patch to the HAL list to do this, see e.g.
http://bugzilla.gnome.org/show_bug.cgi?id=309067#c3

Just look at the patch to HAL for adding Mount(), Unmount() and Eject()
methods - I believe it was only a few hundred lines of code.
> AFAICS this mechanism provides everything that is required for proper
> privilege separation, without the need of splitting hald into a root
> and non-root part. David, are there things that would be possible with
> that daemon split, but not with dbus services? Do you still want to
> get that split into hal?
You know, I don't mind getting the split into HAL if it means that you
guys can start shipping a non-crippled HAL. But I still don't see what
the big issue is today.

Btw, I really really wish you guys wouldn't ship a crippled HAL - it's
bad for the community at large and just requires extra work for all
parts including your users. As distributors we should be working
together on solving the problems upstream once and for all.

David