hald reading block devices
Alan Cox
alan at redhat.com
Mon Aug 23 12:08:42 UTC 2004
On Mon, Aug 23, 2004 at 12:50:26PM +0200, David Zeuthen wrote:
> But.. without access to block devices, how do propose we detect media
> changes then?
If you don't have permission you leave it alone would be the obvious answer.
There is another problem with opening all the devices and polling too. I have
17 CD-ROM slots attached to one PC. As they are multichangers it'll take you
about 2 minutes to poll them all as well as ruining anything they were doing.
Any multichanger shouldn't be polled this way.
> Sure, it's an attack vector, however keep in mind that hald uses D-BUS
> as IPC and D-BUS is specifically designed to be secure and validate the
> messages that come through.
and sendmail was formally audited and BR14 had no bugs. Adding attack vectors
is bad but if HAL only has permissions for the drives it needs then it doesnt
seem too big a problem.
> > Also one of my machines is logging the following repeatedly:
> > Aug 23 20:31:14 community kernel: hdc: packet command error: error=0x50
> > Aug 23 20:31:14 community kernel: cdrom: open failed.
Hal is triggering errors trying to open drives with no media. Probably hal
should keep the CD-ROM open, flip doorlock back off and use ATA media
sense packets. Thats horrible stuff to do unfortunately.
More information about the fedora-devel-list
mailing list