Re: hal privileges [was: Re: [Utopia] gnome-mount 0.3 is out]



Martin Pitt wrote:
> Hi Kay!
> 
> Kay Sievers [2006-01-12 12:25 +0100]:
>> (You probably ask, cause Ubuntu has the weird idea of running HAL
>> unprivileged. 
> 
> It's not weird; letting the complete daemon run as root would make it
> the central point of attack and failure. We cannot support a
> distribution release for 3 or 5 with such a gaping potential source of
> vulnerabilities and problems.
> 
> We had this discussion several times ([1] is the last one known to
> me), and it seems that neither side can convince the other, so I do
> not see a point of these snide statements.
> 
> (Also, it's not only Ubuntu; Debian has it, too, and running it
> unprivileged is even the upstream default up to now.)
> 
> FWIW, I would happily accept the privilege separation architecture
> that was planned long ago. Matthew Garret and I talked about this
> yesterday, and I hope that I can find some time to actually implement
> it.
> 
> Thanks,
> 
> Martin,
> (who still does not understand why everybody else seems to ignore
> dbus' wonderful way of separating privileges with dbus services and
> instead uses the old centralized daemon way.)
> 
> [1] http://bugzilla.gnome.org/show_bug.cgi?id=324207
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> utopia-list mailing list
> utopia-list gnome org
> http://mail.gnome.org/mailman/listinfo/utopia-list

As the Gentoo maintainer for HAL, pmount, dbus, g-v-m, g-p-m, and the
rest of the mess of applications.

I'm going to have to agree with Martin here.

Gentoo has not run HAL as a privileged user since the 0.4.x releases.
And nor will I make the change to a privileged user for the reasons
Martin listed.


-- 
Doug Goldstein <cardoe gentoo org>
http://dev.gentoo.org/~cardoe/

Attachment: signature.asc
Description: OpenPGP digital signature



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]