https://bugzilla.novell.com/show_bug.cgi?id=486267
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c48
Ludwig Nussel changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |NEW
CC| |mvidner@novell.com
Info Provider|lnussel@novell.com |
AssignedTo|hschaa@novell.com |tambet@novell.com
--- Comment #48 from Ludwig Nussel 2009-03-24 08:10:03 MST ---
Do'h! Now this finally all makes sense. I wonder why I didn't see this before.
Of course Georg is right. NetworkManager which runs as root sends a request
over the bus. Now if root for whatever reason is at_console the policy for
at_console overrides the policy for user root. at_console is now allowed to
read secrets -> ouch. That's not a knetworkmanager specific problem.
There are two possible solutions to this problem AFAICS:
a) remove the deny rules for secrets and implement access control in the
applets
b) instead of the send_destination rule that allows all interfaces plus the
deny rule for secrets use allow rules for individual interfaces only. This way
the deny rule could be at context=default or omitted.
In any case we need to update knetworkmanager, nm-applet and cnetworkmanager.
so this is probably a good opportunity only ship one applet config only (bug
476502).
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.