On Fri, Aug 4, 2023 at 3:27 PM bent fender <ksusup@trixtar.org> wrote:
Fri, 4 Aug 2023 14:52:59 +0300 Andrei Borzenkov <arvidjaar@gmail.com> :
On Fri, Aug 4, 2023 at 1:40 PM bent fender <ksusup@trixtar.org> wrote:
I have a router with two bandwidths but I use only the lower bandwidth that works with all my usb wifi sticks and all my OS'es. The networks are Net-2 and Net-5. Only Tumbleweed sees Net-5 and sometimes it thinks that I want to use it, at such times I just hit enter in the pwd dialogs, which leads to failure. I don't put up with passwords or any other such data being stored so Tumbleweed has correctly been asking me for root password (first) as well as network password (second) before giving access. But the dialog order sometimes begins with network-pwd and then the whole sequence becomes:
- network pwd - root pwd - network pwd
This repetition of network pwd caught my eye earlier but never more than that. It just seemed a little lossy :-)
This morning I got a first dialog to provide network-pwd for Net-5 for which I just hit return as usual. Repeated the empty return for root-pwd which came second. The result of course was that I had no network connection at which time I went to NetworkManager to open the Net-2 dialog by clicking its ixcon. I had to supply net-2 pwd after which I was expecting to have to supply root-pwd BUT that dialog NEVER came so here I am connected with root pwd never having been given.
Your post does not have a single question mark, so it is not quite clear whether you have a question and what question it is.
It's more of an alert that connection modification is possible without root pwd:
Where do you see "connection modification"? "Connecting to the AP using existing connection definition" is not equal to "connection modification".
to me a clear AND major security issue. NM gets away with it (as far as "I" a non-dev can tell), whether it's an NM issue or an OS issue might be an implied question.
I am more curious why NM requests admin authentication in another case. My best guess is that NM attempts to modify the system connection. You could try to enable trace level logging which may give some hints.
First time it happens in years, fat chance for any tracing...
I talked about your "normal" sequence when you *are* asked for a root password.