Sunday, January 22, 2006

HAL, on the wrong track?!

Lately, HAL development has been heading in an unclear direction. Is HAL a Hardware Abstraction Layer or an 'all-in-one big black hole'? It's not only the discussion on the HAL list about implementing power-management-related active code (e.g. setting/controlling cpufreq) that gives me the impression that the project is on the wrong track.

Currently there are several people who try to implement everything in HAL, only because they will not (or are not able to) implement what they need in a clean, small and effective program or daemon - simply the UNIX way.

The discussion between the g-p-m maintainer and other pm-related people (including the powersave developers) is only one example of this. Instead of developing a power-management daemon with a DBUS interface, or defining a DBUS interface for all pm daemons, or, much easier, using an existing daemon, they implement parts of this in HAL (e.g. calls for suspend/standby/set brightness ...) - this is not a solution for anything. Another example is adding methods for reboot and shutdown to HAL. Now we have one more place (the HAL dbus configuration) where we need to change settings if we want to disallow users from shutting down the machine (as e.g. on SLES/NLD). Thanks!

But the screwiest idea is to add Format() and PartitionDisk() to HAL to allow unprivileged users to format volumes and to partition disks. There are good reasons why this is only allowed to privileged users. You can't allow an unprivileged user to format a device he does not own. As a user you can't delete/access files on a device you don't own, but you can format the disk? This is not only screwy, this is really stupid and breaks all existing security and permission concepts.

I can understand that there are use cases where the user would like to be able to format a floppy (even if I think floppies are obsolete ... we should drop support for floppy disks ;-) ) or his FAT USB stick without the root password, but how often is this needed? Once per month or week? Sorry, but in these cases it's o.k. to use sudo/su or a solution like YaST.

If we get such bypasses into HAL and allow everything to everyone, only because some people think "entering the root password is extremely unintuitive and users don't grok it", then we could also set all permissions to 777 and drop HAL and all security concepts. In that case I'm waiting for the first Linux viruses that use HAL methods to format your disk without needing root permissions (maybe only because the HAL dbus config is not aligned with the environment). Windows sends its regards, and if it's in HAL, someone will use it.
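As an added example (not from the original post or the HAL project), here is a D-Bus system-bus policy file an administrator could install next to the distribution's HAL configuration to keep the methods mentioned above (shutdown/reboot, and Format()/PartitionDisk() if they land) away from unprivileged users. The bus name org.freedesktop.Hal is the real HAL service name; the member names are taken from the post, and the rules deliberately match on member only because the post does not say which interface those methods would live on.

```xml
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <!-- WEAK: the shape the post warns about. Anyone logged in at the console
       may call every method the HAL service exports, so as soon as
       Format()/PartitionDisk() or Shutdown/Reboot exist in HAL they are
       reachable without a root password. Kept inside a comment so it is
       not active if this file is installed.
  <policy at_console="true">
    <allow send_destination="org.freedesktop.Hal"/>
  </policy>
  -->

  <!-- RESTRICTED: deny the destructive and machine-wide members for
       everyone by default. Matching on send_member only (assumption: the
       interface these methods would be exported on is not known here). -->
  <policy context="default">
    <deny send_destination="org.freedesktop.Hal" send_member="Format"/>
    <deny send_destination="org.freedesktop.Hal" send_member="PartitionDisk"/>
    <deny send_destination="org.freedesktop.Hal" send_member="Shutdown"/>
    <deny send_destination="org.freedesktop.Hal" send_member="Reboot"/>
  </policy>

  <!-- dbus-daemon applies policies in the order default, group, user,
       at_console, mandatory, and within each class the last matching rule
       wins. A distribution hal.conf that allows everything for
       at_console="true" would therefore override the default denies above,
       so the same denies are repeated at the at_console level. -->
  <policy at_console="true">
    <deny send_destination="org.freedesktop.Hal" send_member="Format"/>
    <deny send_destination="org.freedesktop.Hal" send_member="PartitionDisk"/>
    <deny send_destination="org.freedesktop.Hal" send_member="Shutdown"/>
    <deny send_destination="org.freedesktop.Hal" send_member="Reboot"/>
  </policy>

  <!-- root keeps full access, matching the sudo/su/YaST path the post
       prefers for these rare operations. -->
  <policy user="root">
    <allow send_destination="org.freedesktop.Hal"/>
  </policy>
</busconfig>
```

Which at_console rule is evaluated last depends on the order in which dbus-daemon reads this file and the distribution's hal.conf, so verify the result by attempting the call as an unprivileged user and expecting an access-denied error rather than trusting the file alone.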

I would suggest: think more about sense and nonsense before implementing such (unneeded) security-breaking features, and work on really important things such as the needed hardware abstraction, ..., and the stability and speed of HAL.