network-manager-applet r1234 - trunk

From: dcbw svn gnome org
To: svn-commits-list gnome org
Subject: network-manager-applet r1234 - trunk
Date: Thu, 26 Mar 2009 21:20:32 +0000 (UTC)

Author: dcbw
Date: Thu Mar 26 21:20:32 2009
New Revision: 1234
URL: http://svn.gnome.org/viewvc/network-manager-applet?rev=1234&view=rev

Log:
2009-03-26  Dan Williams  <dcbw redhat com>

	* nm-applet.conf
		- Explicitly allow 'root' to talk to the secrets interface.  Fixes a bug exposed
			in SUSE ConsoleKit packages that always treated 'root' as at_console when
			logged in once; when using explicit denials (which we're using here to
			ensure we don't expose distros shipping older D-Bus packages) and when
			permissions may overlap, as in the case of root being at_console, there
			needs to be an explicit allow in the right section too.  Thus when root is
			'at_console', root will still have access to secrets due to the explicit
			allow in the user=root section.



Modified:
   trunk/ChangeLog
   trunk/nm-applet.conf

Modified: trunk/nm-applet.conf
==============================================================================
--- trunk/nm-applet.conf	(original)
+++ trunk/nm-applet.conf	Thu Mar 26 21:20:32 2009
@@ -6,6 +6,10 @@
                 <allow own="org.freedesktop.NetworkManagerUserSettings"/>
 
                 <allow send_destination="org.freedesktop.NetworkManagerUserSettings"/>
+
+		<!-- Only root can get secrets -->
+		<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
+		       send_interface="org.freedesktop.NetworkManagerSettings.Connection.Secrets"/>
         </policy>
         <policy at_console="true">
                 <allow own="org.freedesktop.NetworkManagerUserSettings"/>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]