From mboxrd@z Thu Jan 1 00:00:00 1970 From: Greg KH Date: Thu, 12 Feb 2004 01:29:39 +0000 Subject: Re: [PATCH] udevd - client access authorization Message-Id: <20040212012939.GF15983@kroah.com> List-Id: References: <20040211030404.GA16931@vrfy.org> In-Reply-To: <20040211030404.GA16931@vrfy.org> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: linux-hotplug@vger.kernel.org On Thu, Feb 12, 2004 at 01:14:31AM +0100, Kay Sievers wrote: > On Wed, Feb 11, 2004 at 02:34:32PM -0800, Greg KH wrote: > > On Wed, Feb 11, 2004 at 04:04:04AM +0100, Kay Sievers wrote: > > > Here is the badly needed client authorization for udevd. > > > Since we switched to abstract namespace sockets, we are unable to > > > control the access of the socket by file permissions. > > > > > > So here we send a ancillary credential message with every datagram, > > > to be able to verify the uid of the sender. The sender can't fake the > > > credentials, cause the kernel doesn't allow it for non root users. > > > > Thanks a lot for fixing this up. I wouldn't want any user to be able to > > add or remove devices from /dev by just talking through a socket. > > Here is a small improvement. We check for the type of message we receive > and udevsend seems not to need all the credential setup stuff, the > kernel will fill it for us. > > udevd now refuses to start as non root, cause it doesn't make any sense. Applied, thanks. > Are we changing the mode_t in udev.h to unsigned int now? I just did that in the tree. thanks, greg k-h ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id56&alloc_id438&op=click _______________________________________________ Linux-hotplug-devel mailing list http://linux-hotplug.sourceforge.net Linux-hotplug-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel