light
light copied to clipboard
perkele1989
Pluginsystem, split light into library/executable
Plugins to install new enumerators. Modules will be installed to /usr/lib/light/enumerators/, which will be automatically iterated over on program start, loading any modules residing in that directory. Optimally requires light to be split into a library and executable, to let plugins reuse as much code as possible from light.
I think we should be careful when implementing this. Since light is running with root privileges by default (as far as I understand – feel free to correct me if I'm wrong), and we're basically blindly executing potentially untrusted code here, this imposes a certain security risk.
I was thinking about forking to drop privileges before before executing a plugin, but that could be a problem since the modules might need to write to sysfs files as well. Anyways, just wanted to float this out there.
Edit: just realized that you're only talking about enumerators here, so forking might work after all.
Eh, plugins may want/need root privs too. I see the security hole you're pointing out, but a lot of applications already work like this. I do not think that this will be a problem for users in practice. Light can operate without root as well, so that is an option for paranoid people.
light doesn't even sanitize its environment. that would be a first step if there is a serious desire to keep the setuid bit around.
@CameronNemo I might get buried in that kinda stuff if I ever find time. Right now it's not really a priority (for me).
Until then, feel free to open an issue on the matter and maybe even make a pull request (IIRC you even have a fork, lifting those fixes into this project may also be beneficial of course.)