A system wide network manager configuration that's visible to all users
editable by all administrators (both via nm-applet...) is my preference.
This could allow network connections with no-one logged in and could fix
this bug too.
This sounds like it's worthy of a blueprint.
There seems to be two bugs here:
1) nm-applet isn't starting for a second user (useful for monitoring).
2) nm-applet can't be used to create a network connection when nm-applet's
already running as another user, even if the device in question is free. So
that a) prevents hijacking (desirable for non-admin, but not for admin users),
b) prevents opening free devices (desirable for non-admin, but not for admin
users).
Interesting security issues:
1) Allowing any user to open/hijack network connections may allow for easier
man in the middle attacks. This is really more of an issue for virtual networks
and wireless networks as physical network man in the middle requires a physical
connection (thus usually physical access, or an unlikely forgotten extra
plugged in network connection).
2) Allowing any user to use open network connections may allow less trusted
users access to a network they couldn't otherwise authenticate to. I'm not sure
there's any time reasonable way to lock this down as it would require some kind
of capabilities management, and possibly kernel changes.
Thanks,
Drew Daniels
Resume: http://www.boxheap.net/ddaniels/resume.html
--
nm-applet fails when another user is logged in
https://bugs.launchpad.net/bugs/284596
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
