Greetings.

[ Resending with a less annoying title and non-signed email;
Please reply to this email instead to start a thread.
My apologies ]

I would like to propose a new feature. The NetworkManagerDispatcher
should call any scripts found under NM_SCRIPT_DIR (currently hardcoded
to the '/etc/NetworkManager/dispatcher.d' directory), regardless of the
owner. Currently, it only executes scripts owned by root.

Scripts would be executed with the EUID set to the user owning the
script. This would prevent a user from gaining root privileges. But with
this feature, users without any admin privileges could add their own
scripts. For instance, they could set up ssh tunnels when getting
connected to a particular network.

NM_SCRIPT_DIR would have the sticky bit set, like /tmp. From the chmod
man page:

    When the sticky bit is set on a directory, files in that directory
    may be unlinked or renamed only by the directory owner as well as
    by root or the file owner. Without the sticky bit, anyone able to
    write to the directory can delete or rename files. The sticky bit
    is commonly found on directories, such as /tmp, that are
    world-writable.

Comments are welcome.

If my proposal is welcomed, I could try coding it and submit a
patch. Instead of calling system() directly, a fork would be
executed, and the child would perform a setuid() call prior to calling
system(). One advantage of forking is that the daemon would never
freeze since only the children would call shell commands. Thus if a
shell command loops indefinitely, the main daemon isn't affected.

Best regards,
Hans Deragon
--
http://www.deragon.biz Open source (contribution):
mailto://[EMAIL PROTECTED] http://autopoweroff.deragon.biz
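
The fork-then-setuid() step proposed in the message above, sketched as an added example; it is not part of the original email and not NetworkManager code. The function names and the file-mode policy are assumptions, and it uses execle() with a fixed environment instead of system() so that no root-inherited environment or shell parsing reaches the user's script.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE                 /* for initgroups() on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed policy: regular file, owner-executable, not writable by group or
 * others, no setuid/setgid bit. With lstat(), symlinks fail S_ISREG. */
int script_mode_ok(const struct stat *st)
{
    return S_ISREG(st->st_mode) && (st->st_mode & S_IXUSR) &&
           !(st->st_mode & (S_IWGRP | S_IWOTH | S_ISUID | S_ISGID));
}

/* Permanent drop: groups, then gid, then uid. From root, setuid() resets the
 * real, effective and saved IDs; seteuid() alone could be undone by the script. */
static int drop_to(const struct passwd *pw)
{
    if (initgroups(pw->pw_name, pw->pw_gid) != 0) return -1;
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) return -1;
    return (pw->pw_uid != 0 && setuid(0) == 0) ? -1 : 0; /* must not regain root */
}

/* Returns the script's exit status, or -1 if refused or not exited normally. */
int run_script_as_owner(const char *path, const char *iface, const char *action)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !script_mode_ok(&st)) return -1;
    struct passwd *pw = getpwuid(st.st_uid);
    if (pw == NULL) return -1;               /* owner has no passwd entry */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                          /* child: never returns */
        char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
        if (st.st_uid != geteuid() && drop_to(pw) != 0) _exit(126);
        execle(path, path, iface, action, (char *)NULL, envp);
        _exit(127);
    }
    int status;                              /* a daemon would reap asynchronously */
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(int argc, char **argv)
{
    return argc == 4 ? run_script_as_owner(argv[1], argv[2], argv[3]) != 0 : 2;
}
```

Every return value in the drop sequence is checked: a child that fails to change identity exits with 126 instead of running the script as root.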