On Sun, 2007-07-08 at 21:02 -0400, Hans Deragon wrote: > Greetings. > > > [ Resending with a less annoying title and non signed email; > Please reply to this email instead to start a thread. > My apologies ] > > I would like to propose a new feature. The NetworkManagerDispatcher > should call any scripts found under NM_SCRIPT_DIR (currently hardcoded > to '/etc/NetworkManager/dispatcher.d' directory), regardless of the > owner. Currently, it only executes scripts owned by root. There is no such directory on my Fedora 7 machine. What version of Linux is being used? > > Scripts would be executed with the EUID set to the user owning the > script. This would prevent a user to gain root privileges. But with > this feature, users without any admin privileges could add their own > scripts. For instance, they could set ssh tunnels when getting > connected to a particular network. > > NM_SCRIPT_DIR would have the sticky bit set, like /tmp. From chmod > man page: > > When the sticky bit is set on a directory, files in that directory > may be unlinked or renamed only by the directory owner as well as > by root or the file owner. Without the sticky bit, anyone able to > write to the directory can delete or rename files. The sticky bit > is commonly found on directories, such as /tmp, that are > world-writable. > > Comments are welcomed. > > If my proposal is welcomed, I could give a try coding it and submit a > patch. Instead of calling system() directly, a fork would be > executed, and the child would perform a setuid() call prior calling > system(). One advantage of forking is that the daemon would never > freeze since only the children would call shell commands. Thus if a > shell command loops indefinitely, the main daemon isn't affected. > > > Best regards, > Hans Deragon -- ======================================================================= First there was Dial-A-Prayer, then Dial-A-Recipe, and even Dial-A-Footballer. But the south-east Victorian town of Sale has produced one to top them all. Dial-A-Wombat. It all began early yesterday when Sale police received a telephone call: "You won't believe this, and I'm not drunk, but there's a wombat in the phone booth outside the town hall," the caller said. Not firmly convinced about the caller's claim to sobriety, members of the constabulary drove to the scene, expecting to pick up a drunk. But there it was, an annoyed wombat, trapped in a telephone booth. The wombat, determined not to be had the better of again, threw its bulk into the fray. It was eventually lassoed and released in a nearby scrub. Then the officers received another message ... another wombat in another phone booth. There it was: *Another* angry wombat trapped in a telephone booth. The constables took the miffed marsupial into temporary custody and released it, too, in the scrub. But on their way back to the station they happened to pass another telephone booth, and -- you guessed it -- another imprisoned wombat. After some serious detective work, the lads in blue found a suspect, and after questioning, released him to be charged on summons. Their problem ... they cannot find a law against placing wombats in telephone booths. -- "Newcastle Morning Herald", NSW Australia, Aug 1980. ======================================================================= Aaron Konstam telephone: (210) 656-0355 e-mail: [EMAIL PROTECTED]
_______________________________________________ NetworkManager-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/networkmanager-list
