Send connman mailing list submissions to
        [email protected]

To subscribe or unsubscribe via email, send a message with subject or
body 'help' to
        [email protected]

You can reach the person managing the list at
        [email protected]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of connman digest..."

Today's Topics:

   1. Re: [PATCH 1/5] vpn-util: Create utility file for VPN core and plugins
      (Daniel Wagner)
   2. Re: [PATCH 0/5] Add VPN utility functions and system user list to
      DACPrivileges
      (Daniel Wagner)


----------------------------------------------------------------------

Date: Fri, 23 Oct 2020 16:49:25 +0200
From: Daniel Wagner <[email protected]>
Subject: Re: [PATCH 1/5] vpn-util: Create utility file for VPN core
        and plugins
To: Jussi Laakkonen <[email protected]>
Cc: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii

Hi Jussi,

> I'd assume that VPN core/plugins would need to create some temporary dirs
> for run-time use only. These are regarded as "safe" I'd say, and use of the
> g_unlink() ensures that user created dir with symlink to some harmful
> location is not going to be removed, but only the symlink is, well, unlinked.

Okay, obviously during runtime an attacker could still try to modify
the temp files but well better than nothing :)

> > > If the basename path is an existing dir
> > > permissions and ownership is changed according to the request ones,
> > > otherwise the file is removed and then created, as if it never existed.
> > > g_unlink() is used to handle safe removals of symlink, which also enables
> > > detection of parent dir write permissions - error is returned unless the
> > > dir exists, in which case ownership and permissions are attempted to be
> > > set accordingly.
> > The code looks good. I just would like to have some small explanation
> > why the path filtering is needed. Maybe add this info as comment to the
> > code, as I am sure anyone stumbling over this code will ask the same
> > question :)
> 
> 
> Thanks, I'll add comment to the code and send v2 of this still today.

Excellent!

Thanks,
Daniel
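
The behaviour discussed in this thread (an existing directory gets its ownership and permissions set, anything else at the path is unlinked and the directory is then created), as an added example that is not connman's code. `prepare_dir()` and `demo()` are hypothetical names, plain POSIX `unlink()` stands in for GLib's `g_unlink()`, and applying mode and owner through an `O_NOFOLLOW` descriptor is this example's own choice.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not connman's vpn_util_create_path(): make `path` a
 * real directory with the requested mode and owner. Returns 0 or -errno. */
int prepare_dir(const char *path, mode_t mode, uid_t uid, gid_t gid)
{
	struct stat st;
	int fd, err = 0;
	/* lstat() does not follow links, so a planted symlink is seen as one. */
	if (lstat(path, &st) == 0) {
		/* unlink() drops the name only, never a symlink's target, and
		 * fails when the parent directory is not writable. */
		if (!S_ISDIR(st.st_mode) && unlink(path) < 0)
			return -errno;
	} else if (errno != ENOENT) {
		return -errno;
	}
	if (mkdir(path, mode) < 0 && errno != EEXIST)
		return -errno;
	/* O_NOFOLLOW rejects a link swapped in after the check above; the
	 * fd-based calls then act only on the directory that was opened. */
	fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
	if (fd < 0)
		return -errno;
	if (fchmod(fd, mode) < 0 || fchown(fd, uid, gid) < 0)
		err = -errno;
	close(fd);
	return err;
}

/* Constructed scenario: `run` starts as a symlink to `target`; 0 means pass. */
int demo(void)
{
	char base[] = "/tmp/vpnutil-XXXXXX";
	struct stat st;
	if (!mkdtemp(base) || chdir(base) < 0 || mkdir("target", 0755) < 0 ||
	    symlink("target", "run") < 0)
		return -errno;
	if (prepare_dir("run", 0700, geteuid(), getegid()) < 0)
		return 1;
	if (lstat("run", &st) < 0 || !S_ISDIR(st.st_mode) || (st.st_mode & 0777) != 0700)
		return 2;
	return (lstat("target", &st) == 0 && S_ISDIR(st.st_mode)) ? 0 : 3;
}
int main(void) { return demo(); }
```

Passing a uid or gid other than the caller's own requires CAP_CHOWN, which is why the series adds that capability for path creation.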

------------------------------

Date: Fri, 23 Oct 2020 16:49:49 +0200
From: Daniel Wagner <[email protected]>
Subject: Re: [PATCH 0/5] Add VPN utility functions and system user
        list to DACPrivileges
To: Jussi Laakkonen <[email protected]>
Cc: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii

Hi Jussi,

On Tue, Oct 20, 2020 at 05:29:33PM +0300, Jussi Laakkonen wrote:
> Add vpn-util.c for utility functions for VPN core and plugins to use.
> Implemented:
>  - vpn_util_get_passwd() to get struct passwd using user/uid as string
>  - vpn_util_get_group() to get struct group using group/gid as string
>  - vpn_util_create_path() to create the path for the requested file, and to
>    set the ownership and permissions thus, requiring additional capabilities
> 
> With the help of vpn_util_create_path() VPNC now can set the pid file to a
> location where the running user can create it. Also, replaced some code in
> vpn.c in favor of using vpn-util.c functions.
> 
> Added "SystemBinaryUsers" string list to DACPrivileges group for vpnd main
> config only. This, with the help of the added vpn_settings_is_system_user(),
> a plugin, for example, can check if the user set to run the VPN binary is root
> or other pre-defined system user to determine appropriate action, like it is
> the case with VPNC.
> 
> Jussi Laakkonen (5):
>   vpn-util: Create utility file for VPN core and plugins
>   vpn: Add CAP_CHOWN CAP_FOWNER capabilities for path creation
>   vpn-settings: Add SystemBinaryUsers conf option and system user check
>   vpnc: Support setting the pid file path to /var/run/user
>   vpn: Use util functions for getting uid and gid

All patches applied.

Thanks,
Daniel

------------------------------


End of connman Digest, Vol 60, Issue 24
***************************************
