hald reading block devices
David Zeuthen
david at fubar.dk
Mon Aug 23 12:52:39 UTC 2004
On Mon, 2004-08-23 at 08:08 -0400, Alan Cox wrote:
> On Mon, Aug 23, 2004 at 12:50:26PM +0200, David Zeuthen wrote:
> > But.. without access to block devices, how do you propose we detect media
> > changes then?
>
> If you don't have permission you leave it alone would be the obvious answer.
> There is another problem with opening all the devices and polling too. I have
> 17 CD-ROM slots attached to one PC. As they are multichangers it'll take you
> about 2 minutes to poll them all as well as ruining anything they were doing.
>
> Any multichanger shouldn't be polled this way.
>
You can just blacklist polling on these using device information files
(property name is storage.media_check_enabled). I don't have a
multichanger and I don't think this is common hardware either so I
haven't been able to blacklist them.
> > Sure, it's an attack vector, however keep in mind that hald uses D-BUS
> > as IPC and D-BUS is specifically designed to be secure and validate the
> > messages that come through.
>
> and sendmail was formally audited and BR14 had no bugs. Adding attack vectors
> is bad but if HAL only has permissions for the drives it needs then it doesn't
> seem too big a problem.
>
HAL needs to run as root to invoke callouts. See this diagram
http://freedesktop.org/~david/hal-spec/hal-spec.html#ov_hal_linux26
and surrounding text for more information, background etc. Presumably we
can move callouts (such as fstab-sync) to a separate helper process
and by then drop a lot of privileges etc. Until that happens we need to
run as root because the callouts may need privileges.
> > > Also one of my machines is logging the following repeatedly:
> > > Aug 23 20:31:14 community kernel: hdc: packet command error: error=0x50
> > > Aug 23 20:31:14 community kernel: cdrom: open failed.
>
> Hal is triggering errors trying to open drives with no media. Probably hal
> should keep the CD-ROM open, flip doorlock back off and use ATA media
> sense packets. That's horrible stuff to do unfortunately.
>
Sure, care to send a patch to the hal mailing list or some pointers on
how to implement this?
Thanks,
David