Jonas asked me to take a look at the security implications of this. Some observations: * on touch, /var/lib/polkit-1/localauthority/10-vendor.d/com.ubuntu.touch.NetworkManager.pkla allows anyone in the 'sudo' group to access all of NetworkManager. This is not ideal but was the decision taken while we don't have proper PK support on the phone * /usr/share/polkit-1/actions/org.freedesktop.urfkill.policy allows the active seat to call Block. This is probably more permissive than it has to be, but would need someone familiar with urfkill to comment * wpasupplicant (from the 'wpa' source package) ships /etc/dbus-1/system.d/wpa_supplicant.conf and it by default disallows all connections by non-root * wpasupplicant does not ship a policykit file and doesn't seem to have policykit support * http://bazaar.launchpad.net/~mathieu-tl/+junk/touch-hotspot/view/head:/hotspot.py only uses wpas.SetInterfaceFirmware("/", "ap") - I think there might be a bug here: shouldn't disable() put it back to what it was before calling enable()? * wpas_dbus_handler_set_interface_firmware() from wpa_supplicant/dbus/dbus_new_handlers.c has good input validation and only allows setting "ap", "sta" and "p2p" and nothing else
Considering the current policy with NM and the phablet user on Touch, I think it is tolerable to give the phablet user the ability to use SetInterfaceFirmware(). As I see it, there are two paths forward (not listed in any particular order): 1. add policykit support to wpasupplicant, ship a policykit policy file that is very strict, then override on touch similar to how we do in /var/lib/polkit-1/localauthority/10-vendor.d/com.ubuntu.touch.NetworkManager.pkla, but only for SetInterfaceFirmware() 2. use a proxy service that runs as root on the system bus that can make this call on our behalf. This proxy service could be written from scratch, extend NetworkManager, use the connectivity-api, or something else I think '2' is the path of least resistance. It probably makes sense to use something like connectivity-api and have it have methods like: SetAP(), SetSTA(), SetP2P(), each of which talks to wpasupplicant. I suggest talking to the connectivity-api folks for ideas on API and where to best put this. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1426923 Title: Allow ubuntu-system-settings to set a device's firmware through wpa_supplicant To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpasupplicant/+bug/1426923/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs