Re: [Utopia] gnome-mount 0.3 is out



Hey Martin,

On Thu, 2006-01-12 at 16:21 +0100, Martin Pitt wrote:
> Hi David!
> 
> David Zeuthen [2006-01-12  9:55 -0500]:
> > There may be a few cases (reading battery info comes to mind) where we
> > need to clean this up too; that's all part of the work of separating
> > hald into two processes - the unprivileged one handling D-BUS requests
> > and the uid 0 one that executes helpers. 
> 
> Sounds fine. I didn't think about the design so far, and I'm not
> intimately familiar with the guts of hal, but does that essentially
> boil down to changing hal_util_helper_invoke_with_pipes() to not
> exec() the helper, but instead send a dbus message to the privileged
> process?

That's about correct. Another thing is that all helpers should live
in /usr/share/hal/scripts/ and the root helper should restrict execution
of stuff outside this location. Hmm.. what about multi-lib, e.g. x86-64?
Is this a problem? /me shrugs

> It should also be decided what is better: forking() hald at the start
> (which would make startup easy, but operation less robust since in
> principle all the code would still be present in the root daemon), or
> a completely separate code base (easier to audit and more robust, but
> more problems with startup), or a hybrid solution (fork/exec the
> unprivileged instance from the privileged one). Personally I'd do the
> last option; David, what do you think?

I'd like the one with just forking at startup - it's less complicated
that way and the root parts of the daemon should be small and thus easy
to audit anyway.

Cheers,
David
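
The restriction discussed in this message (the root side refusing to run anything outside /usr/share/hal/scripts/) could be checked as below. This is an added example, not code from this message or from HAL: `helper_path_allowed` is a hypothetical name, and the refusal of group- or world-writable helpers is an extra assumption the message does not mention.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* realpath() under strict -std= modes */
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Hypothetical check for the uid 0 side: returns 1 and fills `resolved`
 * only if `requested` canonicalizes to a regular file inside `allowed_dir`. */
int helper_path_allowed(const char *requested, const char *allowed_dir,
                        char resolved[PATH_MAX])
{
    char dir[PATH_MAX];
    struct stat st;
    size_t n;

    if (!requested || !allowed_dir || !resolved)
        return 0;
    /* Canonicalize both sides so "..", "//" and symlinks cannot escape. */
    if (!realpath(allowed_dir, dir) || !realpath(requested, resolved))
        return 0;
    n = strlen(dir);
    /* Require "<dir>/" as the prefix, so "<dir>-evil/x" does not match. */
    if (strncmp(resolved, dir, n) != 0 || resolved[n] != '/')
        return 0;
    if (stat(resolved, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;
    /* Added assumption: refuse helpers that non-owners could rewrite. */
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return 0;
    return 1;
}

int main(int argc, char **argv)
{
    char resolved[PATH_MAX];
    const char *dir = argc > 2 ? argv[2] : "/usr/share/hal/scripts";
    if (argc < 2) { fprintf(stderr, "usage: %s HELPER [DIR]\n", argv[0]); return 2; }
    int ok = helper_path_allowed(argv[1], dir, resolved);
    printf("%s: %s\n", argv[1], ok ? "allowed" : "refused");
    return ok ? 0 : 1;
}
```

A privileged caller would exec the canonical path written to `resolved`, not the string it was sent, since the file can still be swapped between this check and the exec.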



