Re: hald reading block devices

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, 2004-08-23 at 08:08 -0400, Alan Cox wrote:
> On Mon, Aug 23, 2004 at 12:50:26PM +0200, David Zeuthen wrote:
> > But.. without access to block devices, how do propose we detect media
> > changes then?
> 
> If you don't have permission you leave it alone would be the obvious answer.
> There is another problem with opening all the devices and polling too. I have
> 17 CD-ROM slots attached to one PC. As they are multichangers it'll take you
> about 2 minutes to poll them all as well as ruining anything they were doing.
> 
> Any multichanger shouldn't be polled this way.
> 

You can just blacklist polling on these using device information files
(property name is storage.media_check_enabled). I don't have a
multichanger and I don't think this is common hardware either so I
haven't been able to blacklist them.

> > Sure, it's an attack vector, however keep in mind that hald uses D-BUS
> > as IPC and D-BUS is specifically designed to be secure and validate the
> > messages that come through.
> 
> and sendmail was formally audited and BR14 had no bugs. Adding attack vectors
> is bad but if HAL only has permissions for the drives it needs then it doesnt
> seem too big a problem.
> 

HAL needs to run as root to invoke callouts. See this diagram

 http://freedesktop.org/~david/hal-spec/hal-spec.html#ov_hal_linux26

and surrounding text for more information, background etc. Presumably we
can move to callouts (such as fstab-sync) to a separate helper process
and by then drop a lot of privileges etc. Until that happens we need to
run as root because the callouts may need privileges.

> > > Also one of my machines is logging the following repeatedly:
> > > Aug 23 20:31:14 community kernel: hdc: packet command error: error=0x50
> > > Aug 23 20:31:14 community kernel: cdrom: open failed.
> 
> Hal is triggering errors trying to open drives with no media. Probably hal
> should keep the CD-ROM open, flip doorlock back off and use ATA media
> sense packets. Thats horrible stuff to do unfortunately.
> 

Sure, care to send a patch to the hal mailing list or some pointers on
how to implement this?

Thanks,
David
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux