Package: hal
Version: 0.5.11-8
Severity: wishlist

hal is now required for Xorg's input hotplugging. This is also the only thing I use hal for. I would like to disable all the other functionality. My main concerns are about security:

- hal might change device configurations when a new device is detected. I don't need that and so it should not be done. That's what udev is for.

- On my system, there are 3 daemons spawned that run as root! These are hald-runner, hald-addon-input, hald-addon-cpufreq. I don't want unnecessary root processes, as I don't trust them. I especially don't trust hal daemons, because there doesn't seem to be any documentation available about what they do. There aren't even man pages.

- If I understand correctly, hal can provide access to devices for ordinary users by means of methods and addons. The access is then performed by a privileged process (I guess that's what those root processes do). Access is probably protected by some hal internal policies. Only with a true capability based system is there at least a theoretical chance to make this secure. As Linux doesn't provide this, I'd really rather not have this.

It is, however, not easily possible to disable this stuff because the hal package ships with all the fdi files. The only solution I've found so far is to remove /usr/share/hal/fdi/policy, which is not really practical and reverted on a package update. Also disabling these things in /etc/hal/fdi is not practical, because it requires intimate knowledge about hal and the configuration would have to be revised on each update.

Would it be possible to provide a minimal hal package that _only_ provides information about hardware and hotplugging events? All the additional stuff could be provided in an add-on package, which hal would recommend. I think this could be useful also for others who don't use the GNOME or KDE OS.

Cheers,
harry

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.27.8 (SMP w/1 CPU core)
Locale: LANG=POSIX, LC_CTYPE=de_AT.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages hal depends on:
ii  adduser           3.110         add and remove users and groups
ii  dbus              1.2.12-1      simple interprocess messaging syst
ii  hal-info          20090309-1    Hardware Abstraction Layer - fdi f
ii  libc6             2.9-4         GNU C Library: Shared libraries
ii  libdbus-1-3       1.2.12-1      simple interprocess messaging syst
ii  libdbus-glib-1-2  0.80-3        simple interprocess messaging syst
ii  libexpat1         2.0.1-4       XML parsing C library - runtime li
ii  libgcc1           1:4.3.3-3     GCC support library
ii  libglib2.0-0      2.20.0-2      The GLib library of C routines
ii  libhal-storage1   0.5.11-8      Hardware Abstraction Layer - share
ii  libhal1           0.5.11-8      Hardware Abstraction Layer - share
ii  libsmbios2        2.0.3.dfsg-1  Provide access to (SM)BIOS informa
ii  libstdc++6        4.3.3-3       The GNU Standard C++ Library v3
ii  libusb-0.1-4      2:0.1.12-13   userspace USB programming library
ii  libvolume-id0     0.125-7       libvolume_id shared library
ii  lsb-base          3.2-22        Linux Standard Base 3.2 init scrip
ii  mount             2.13.1.1-1    Tools for mounting and manipulatin
ii  pciutils          1:3.1.2-3     Linux PCI Utilities
ii  pm-utils          1.2.4-2       utilities and scripts for power ma
ii  udev              0.125-7       /dev/ and hotplug management daemo
ii  usbutils          0.73-10       Linux USB utilities

Versions of packages hal recommends:
ii  eject             2.1.5+deb1+cvs20081104-5  ejects CDs and operates CD-Changer
pn  libsmbios-bin     <none>                    (no description available)

Versions of packages hal suggests:
pn  gnome-device-manager  <none>  (no description available)

-- no debconf information