Hi!

Brian Tarasinski [2005-03-08 15:02 +0100]:
> There is an obvious problem with the current default setup of HAL: The
> hald daemon is configured to drop its privileges and use the restricted
> user "hal", the udev config files are designed to use that user as well.

This is not a problem, it is a feature. :-)

> The problem is that fstab-sync, which is called by hald to edit the
> fstab according to hal events, inherits the restricted privileges and
> thus is unable to edit fstab.

fstab-sync is an insane idea, it should just die. Are you sure that you
really need/want it? pmount is supposed to do the same job as
fstab-sync, but with a much saner and safer approach.

> I hack-fixed that by setting fstab-sync suid root, but of course this is
> not a better idea than redesigning the whole hald back to full
> privileges (both could be considered as unnecessary security risks).

At least in the past, hal had so many buffer overflows that it was not a
security risk, but a concrete threat. Probably there are still many
overflows today, but now we do not need to care about them any more
since the impact of vulnerabilities is confined to the hald process.

From a security POV it is still a better approach to have setuid
wrappers as callouts than to run the whole daemon as root. However, just
setting fstab-sync setuid root is completely wrong and dangerous;
fstab-sync must be redesigned if it shall be safe to run setuid-root.

> Other ideas would be to allow group "hal" to edit fstab (would be
> rather unusual and radical)

Dynamically editing crucial system-wide configuration files is not a
good idea, regardless of the way you modify them.

> Anyway, the problem is simple, but it breaks the chain. Usability
> depends a lot on dynamic hardware mounting.

Agreed :-) If you install and run gnome-volume-manager, then you already
have all the automounting magic. There is a similar project for KDE in
discussion/preparation, which will also wrap around pmount. If you use a
different window manager, you can still use pmount directly.

Have a nice day,

Martin

-- 
Martin Pitt                  http://www.piware.de
Ubuntu Developer             http://www.ubuntulinux.org
Debian GNU/Linux Developer   http://www.debian.org