hald reading block devices

David Zeuthen david at fubar.dk
Mon Aug 23 10:50:26 UTC 2004


On Mon, 2004-08-23 at 20:33 +1000, Russell Coker wrote:
> The latest version of hald wants to read all block devices of the 
> form /dev/hd? .  Why is this?  Can we make it stop?
> 
> I would prefer not to grant read access to the hard disks in the SE Linux 
> configuration 

We don't poll all block devices, that's not true, we only poll a subset of
those that relate to hardware. Specifically we blacklist IDE drives (bug
130232). In the next release hald will also respect the contents of the
removable file in sysfs.

But.. without access to block devices, how do you propose we detect media
changes then?

> (it means that an exploit on the hald would grant access to all 
> data on the machine).
> 

Sure, it's an attack vector, however keep in mind that hald uses D-BUS
as IPC and D-BUS is specifically designed to be secure and validate the
messages that come through.

> Also one of my machines is logging the following repeatedly:
> Aug 23 20:31:14 community kernel: hdc: packet command error: error=0x50
> Aug 23 20:31:14 community kernel: cdrom: open failed.
> Aug 23 20:31:16 community kernel: hdc: packet command error: status=0x51 
> { DriveReady SeekComplete Error }
> Aug 23 20:31:16 community kernel: hdc: packet command error: error=0x50
> Aug 23 20:31:16 community kernel: cdrom: open failed.
> Aug 23 20:31:18 community kernel: hdc: packet command error: status=0x51 
> { DriveReady SeekComplete Error }
> Aug 23 20:31:18 community kernel: hdc: packet command error: error=0x50
> Aug 23 20:31:18 community kernel: cdrom: open failed.
> Aug 23 20:31:20 community kernel: hdc: packet command error: status=0x51 
> { DriveReady SeekComplete Error }
> Aug 23 20:31:20 community kernel: hdc: packet command error: error=0x50
> Aug 23 20:31:20 community kernel: cdrom: open failed.
> Aug 23 20:31:22 community kernel: hdc: packet command error: status=0x51 
> { DriveReady SeekComplete Error }
> Aug 23 20:31:22 community kernel: hdc: packet command error: error=0x50
> Aug 23 20:31:22 community kernel: cdrom: open failed.
> Aug 23 20:31:24 community kernel: hdc: packet command error: status=0x51 
> { DriveReady SeekComplete Error }
> Aug 23 20:31:24 community kernel: hdc: packet command error: error=0x50
> Aug 23 20:31:24 community kernel: cdrom: open failed.
> 

Never seen this with my optical drives, you might want to file a bug
against the kernel or hal (depending on where the bug is).

David





More information about the fedora-devel-list mailing list