Re: [Utopia] gnome-mount 0.3 is out
- From: David Zeuthen <david fubar dk>
- To: Martin Pitt <martin piware de>
- Cc: Kay Sievers <kay sievers vrfy org>, utopia-list gnome org
- Subject: Re: [Utopia] gnome-mount 0.3 is out
- Date: Thu, 12 Jan 2006 11:08:12 -0500
On Thu, 2006-01-12 at 16:21 +0100, Martin Pitt wrote:
> Hi David!
> David Zeuthen [2006-01-12 9:55 -0500]:
> > There may be a few cases (reading battery info comes to mind) where we
> > need to clean this up too; that's all part of the work of separating
> > hald into two processes - the unprivileged one handling D-BUS requests
> > and the uid 0 one that executes helpers.
> Sounds fine. I didn't think about the design so far, and I'm not
> intimately familiar with the guts of hal, but does that essentially
> boil down to changing hal_util_helper_invoke_with_pipes() to not
> exec() the helper, but instead send a dbus message to the privileged
That's about correct. Another thing is that all helpers should live
in /usr/share/hal/scripts/ and the root helper should restrict execution
of stuff outside this location. Hmm.. what about multi-lib, e.g. x86-64?
Is this a problem? /me shrugs
> It should also be decided what is better: forking() hald at the start
> (which would make startup easy, but operation less robust since in
> principle all the code would still be present in the root daemon), or
> a completely separate code base (easier to audit and more robust, but
> more problems with startup), or a hybrid solution (fork/exec the
> unprivileged instance from the privileged one). Personally I'd do the
> last option; David, what do you think?
I'd like the one with just forking at startup - it's less complicated
that way and the root parts of the daemon should be small and thus easy
to audit anyway.
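The restriction discussed above (the uid 0 side only executing helpers that live in /usr/share/hal/scripts/), as an added example that is not part of the original message and is not HAL code. It assumes the unprivileged process sends a bare helper name rather than a path; `resolve_helper`, `helper_name_ok`, the 64-byte name limit and the sample requests are hypothetical.

```c
/* Added example: root-side lookup of a requested helper (hypothetical names). */
#include <stdio.h>
#include <string.h>

#define HELPER_DIR "/usr/share/hal/scripts/"  /* location named in the message */
#define HELPER_NAME_MAX 64                    /* assumed limit, not from HAL */

/* Accept only a bare file name: letters, digits, '-', '_' and a non-leading '.'. */
static int helper_name_ok(const char *name)
{
    size_t len = strlen(name);
    if (len == 0 || len > HELPER_NAME_MAX || name[0] == '.')
        return 0;
    /* strspn counts the leading run of allowed bytes. '/' is not allowed,
       so absolute paths and "../" traversal are refused here. */
    return strspn(name, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
                        "0123456789-_.") == len;
}

/* Build the absolute path the privileged side would exec.
   Returns 0 and fills out on success, -1 if the request is refused. */
int resolve_helper(const char *name, char *out, size_t outlen)
{
    if (name == NULL || !helper_name_ok(name))
        return -1;
    int n = snprintf(out, outlen, "%s%s", HELPER_DIR, name);
    if (n < 0 || (size_t)n >= outlen)  /* never exec a truncated path */
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample requests, as the unprivileged side might send them. */
    const char *requests[] = { "example-helper", "../../bin/sh",
                               "/bin/sh", ".hidden", "" };
    char path[256];
    for (size_t i = 0; i < sizeof requests / sizeof requests[0]; i++) {
        if (resolve_helper(requests[i], path, sizeof path) == 0)
            printf("exec   %s\n", path);
        else
            printf("refuse \"%s\"\n", requests[i]);
    }
    return 0;
}
```

The name check alone relies on the directory being writable only by root; a symlink placed inside it would still be followed at exec time.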