There's a big conceptual problem with that approach that I still don't have a satisfying answer for.
Mach is meant to be run as user - I know way too little about security to be trusted to write perfectly safe Python code. That's the biggest reason why mach-helper exists, and people tell me that this is indeed the smartest route to take. Of course it'd be easier for me as a programmer to just do everything in Python. But if we did, then we'd need a good way of gaining and then dropping privileges for these operations, and I'd still feel very insecure about having written something potentially very harmful.
I've looked for other projects that have similar security issues, but haven't found any of them tackling this particular problem. Suggestions?
What about the dbus suggestion? Have the client emit dbus events and have a root-running daemon listen for them to do what they wished. That way the suid root binary doesn't need to exist unless you want the daemon to not run as root.
Thoughts? -sv
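The client/daemon split sv sketches above, as an added example that is not code from this thread nor from mach or mach-helper. The security point it makes is that once a privileged daemon accepts requests from unprivileged clients, the daemon is the trust boundary: it must identify the caller, accept only a fixed set of verbs, and validate every argument before acting. To keep it runnable with the standard library, a Unix socket pair stands in for the D-Bus transport (D-Bus can report the caller's uid for the same purpose); the verbs, the name pattern, the base directory and the sample requests are all constructed for the illustration.

```python
"""Privilege-separated helper: an unprivileged client sends a small JSON
request, a daemon (which would run as root) acts only on allowlisted verbs
with validated arguments. Constructed example; stdlib only."""
import json
import os
import re
import socket
import struct
import tempfile

# Constructed policy: verb -> pattern every argument must match. A name may
# not start with '.' or contain '/', so it cannot escape the base directory.
NAME = re.compile(r"^[a-z0-9][a-z0-9_.-]{0,63}$")
ALLOWED_OPS = {"create_chroot": NAME, "remove_chroot": NAME}
MAX_REQUEST_BYTES = 4096


def peer_uid(conn):
    """uid of the process on the other end of a Unix socket (Linux SO_PEERCRED).
    Returns None where the platform cannot say; the daemon treats that as a denial."""
    try:
        raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
        _pid, uid, _gid = struct.unpack("3i", raw)
        return uid
    except (AttributeError, OSError):
        return None


def run_op(base, op, args):
    """The privileged side's real work (here: directory ops confined to `base`)."""
    target = os.path.realpath(os.path.join(base, args[0]))
    if os.path.dirname(target) != os.path.realpath(base):
        raise PermissionError("path escapes base directory")
    if op == "create_chroot":
        os.mkdir(target)
    elif op == "remove_chroot":
        os.rmdir(target)
    return target


def handle_request(raw, caller_uid, allowed_uids, base):
    """Validate one request from `caller_uid` and return a response dict.
    Every failure is a refusal; nothing from the wire reaches run_op unchecked."""
    if caller_uid is None or caller_uid not in allowed_uids:
        return {"ok": False, "error": "caller not authorized"}
    if len(raw) > MAX_REQUEST_BYTES:
        return {"ok": False, "error": "request too large"}
    try:
        req = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return {"ok": False, "error": "malformed request"}
    op = req.get("op") if isinstance(req, dict) else None
    args = req.get("args") if isinstance(req, dict) else None
    if op not in ALLOWED_OPS:
        return {"ok": False, "error": "operation not permitted"}
    if (not isinstance(args, list) or len(args) != 1
            or not all(isinstance(a, str) and ALLOWED_OPS[op].match(a) for a in args)):
        return {"ok": False, "error": "invalid arguments"}
    try:
        result = run_op(base, op, args)
    except OSError as exc:
        return {"ok": False, "error": exc.__class__.__name__}
    return {"ok": True, "result": result}


def serve_one(conn, allowed_uids, base):
    """Daemon side: answer a single request on an accepted connection."""
    uid = peer_uid(conn)
    raw = conn.recv(MAX_REQUEST_BYTES + 1)
    conn.sendall(json.dumps(handle_request(raw, uid, allowed_uids, base)).encode())


def new_base():
    """Fresh scratch directory standing in for the helper's working area."""
    return tempfile.mkdtemp()


def demo():
    """Both roles in one process over a socket pair; returns the responses.
    A real deployment would fork the daemon or put D-Bus in between."""
    base = new_base()
    responses = []
    for op, args in [("create_chroot", ["fc9"]), ("create_chroot", ["../etc"]),
                     ("rm_rf", ["/"]), ("remove_chroot", ["fc9"])]:
        client, daemon = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
        client.sendall(json.dumps({"op": op, "args": args}).encode())
        serve_one(daemon, {os.getuid()}, base)
        responses.append(json.loads(client.recv(MAX_REQUEST_BYTES).decode()))
        client.close()
        daemon.close()
    return responses


if __name__ == "__main__":
    for r in demo():
        print(r)
```

The daemon never evaluates anything it receives: the verb selects a fixed action, the single argument must match a narrow pattern, and the resulting path is checked to stay under the base directory even so. That same shape (identify caller, allowlist verbs, validate arguments, confine effects) is what a setuid helper like mach-helper has to get right too; moving it into a daemon changes where the boundary lives, not whether it exists.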