Re: [PATCH] udevd - client access authorization

[Greg KH <greg@kroah.com>]

On Thu, Feb 12, 2004 at 01:14:31AM +0100, Kay Sievers wrote:
> On Wed, Feb 11, 2004 at 02:34:32PM -0800, Greg KH wrote:
> > On Wed, Feb 11, 2004 at 04:04:04AM +0100, Kay Sievers wrote:
> > > Here is the badly needed client authorization for udevd.
> > > Since we switched to abstract namespace sockets, we are unable to
> > > control the access of the socket by file permissions.
> > > 
> > > So here we send a ancillary credential message with every datagram,
> > > to be able to verify the uid of the sender. The sender can't fake the
> > > credentials, cause the kernel doesn't allow it for non root users.
> > 
> > Thanks a lot for fixing this up.  I wouldn't want any user to be able to
> > add or remove devices from /dev by just talking through a socket.
> 
> Here is a small improvement. We check for the type of message we receive
> and udevsend seems not to need all the credential setup stuff, the
> kernel will fill it for us.
> 
> udevd now refuses to start as non root, cause it doesn't make any sense.

Applied, thanks.

> Are we changing the mode_t in udev.h to unsigned int now?

I just did that in the tree.

thanks,

greg k-h


-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id\x1356&alloc_id438&op=click
_______________________________________________
Linux-hotplug-devel mailing list  http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel