-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There was nothing wrong with the original request -- I just personally have nothing to say about it. Sounds like an alright idea, but then again, there may be a reason for things being the way they are -- don't know.
Hans Deragon wrote: > Greetings. > > > [ Resending with a less annoying title and non signed email; > Please reply to this email instead to start a thread. > My apologies ] > > I would like to propose a new feature. The NetworkManagerDispatcher > should call any scripts found under NM_SCRIPT_DIR (currently hardcoded > to '/etc/NetworkManager/dispatcher.d' directory), regardless of the > owner. Currently, it only executes scripts owned by root. > > Scripts would be executed with the EUID set to the user owning the > script. This would prevent a user to gain root privileges. But with > this feature, users without any admin privileges could add their own > scripts. For instance, they could set ssh tunnels when getting > connected to a particular network. > > NM_SCRIPT_DIR would have the sticky bit set, like /tmp. From chmod > man page: > > When the sticky bit is set on a directory, files in that directory > may be unlinked or renamed only by the directory owner as well as > by root or the file owner. Without the sticky bit, anyone able to > write to the directory can delete or rename files. The sticky bit > is commonly found on directories, such as /tmp, that are > world-writable. > > Comments are welcomed. > > If my proposal is welcomed, I could give a try coding it and submit a > patch. Instead of calling system() directly, a fork would be > executed, and the child would perform a setuid() call prior calling > system(). One advantage of forking is that the daemon would never > freeze since only the children would call shell commands. Thus if a > shell command loops indefinitely, the main daemon isn't affected. > > > Best regards, > Hans Deragon - -- ---- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer III |$&| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGksOmmb+gadEcsb4RAkb+AKCBLUP76nr9luM2ubAoMSdKDWDz6wCfakCO wpMC5ajUkOKjhJ7ktCHRZ0I= =99Qa -----END PGP SIGNATURE-----
begin:vcard fn:Ryan Novosielski n:Novosielski;Ryan org:UMDNJ;IST/AST adr;dom:MSB C630;;185 South Orange Avenue;Newark;NJ;07103 email;internet:[EMAIL PROTECTED] title:Systems Programmer III tel;work:(973) 972-0922 tel;fax:(973) 972-7412 tel;pager:(866) 20-UMDNJ x-mozilla-html:FALSE version:2.1 end:vcard
_______________________________________________ NetworkManager-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/networkmanager-list
