Re: adding scripts for NetworkManagerDispatcher



On Sat, 2006-11-25 at 18:17 -0600, Casey Harkins wrote:
> Brian Eaton wrote:
> > - the script must be a regular file (not a symlink), and must be owned 
> > by root.
> 
> This one is incorrect. We install a script (which auto configures our 
> network printers at our offices) to /usr/sbin and create a symlink from 
> the dispatcher.d directory to this script and it works perfectly.
> 
> > 
> > - the script must be writable only by root, and must not be setuid
> I'm not sure if this is the case either (haven't tested nor looked at 
> the code), but I would guess this isn't a requirement, though certainly 
> best practice.

There are some checks in the dispatcher to be pretty strict about what's
being executed...

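#include <sys/stat.h>
#include <glib.h>

/* Returns TRUE only if the stat result describes a file the dispatcher will execute. */
static inline gboolean nmd_permission_check (struct stat *s)
{
	/* must be a regular file */
	if (!S_ISREG (s->st_mode))
		return FALSE;
	/* must be owned by root */
	if (s->st_uid != 0)
		return FALSE;
	/* must not be group- or world-writable, and must not be setuid */
	if (s->st_mode & (S_IWGRP|S_IWOTH|S_ISUID))
		return FALSE;
	/* must be executable by its owner */
	if (!(s->st_mode & S_IXUSR))
		return FALSE;
	return TRUE;
}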

Dan


> 
> -casey
> _______________________________________________
> NetworkManager-list mailing list
> NetworkManager-list gnome org
> http://mail.gnome.org/mailman/listinfo/networkmanager-list
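
Added example, not part of the original message and not NetworkManager code: the S_ISREG test quoted above gives different answers for a symlinked script depending on whether the struct stat was filled by stat() (follows the link) or lstat() (does not); the thread does not show which call the dispatcher makes. The owner parameter, the function names and the /tmp paths are assumptions of this example so that it runs unprivileged; the quoted check hardcodes uid 0.

```c
#define _GNU_SOURCE /* mkdtemp, symlink, lstat */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Same tests as the quoted nmd_permission_check(); `owner` is a hypothetical
 * parameter added here (the quoted code compares st_uid against 0). */
static int perm_check(const struct stat *s, uid_t owner)
{
	if (!S_ISREG(s->st_mode)) return 0;
	if (s->st_uid != owner) return 0;
	if (s->st_mode & (S_IWGRP | S_IWOTH | S_ISUID)) return 0;
	if (!(s->st_mode & S_IXUSR)) return 0;
	return 1;
}

/* Creates a script with `mode` and a symlink to it in a temporary directory.
 * Returns a bitmask: bit 0 set if the check passes on stat(link),
 * bit 1 set if it passes on lstat(link); -1 if setup failed. */
static int check_symlinked_script(mode_t mode)
{
	char dir[] = "/tmp/nmd-demo-XXXXXX", target[64], lnk[64];
	struct stat followed, unfollowed;
	int result = -1;
	FILE *f;

	if (!mkdtemp(dir)) return -1;
	snprintf(target, sizeof target, "%s/script", dir);
	snprintf(lnk, sizeof lnk, "%s/10-link", dir);
	if ((f = fopen(target, "w")) != NULL) {
		fputs("#!/bin/sh\n", f);
		fclose(f);
		if (chmod(target, mode) == 0 && symlink(target, lnk) == 0 &&
		    stat(lnk, &followed) == 0 && lstat(lnk, &unfollowed) == 0)
			result = perm_check(&followed, geteuid())
			       | (perm_check(&unfollowed, geteuid()) << 1);
	}
	unlink(lnk); unlink(target); rmdir(dir);
	return result;
}

int main(void)
{
	printf("0755 via symlink: %d\n", check_symlinked_script(0755));
	printf("0775 via symlink: %d\n", check_symlinked_script(0775));
	return 0;
}
```

With stat() the permissions checked are those of the link target, so a group-writable or setuid target is still rejected; with lstat() every symlink fails the regular-file test regardless of its target.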



