FEATURE REQUEST: NetworkManagerDispatcher should fireup scripts owned by any user.

From: Hans Deragon <hans deragon biz>
To: NetworkManager-list gnome org
Subject: FEATURE REQUEST: NetworkManagerDispatcher should fireup scripts owned by any user.
Date: Sat, 07 Jul 2007 19:13:34 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings.


  I would like to propose a new feature.  The NetworkManagerDispatcher
  should call any scripts found under NM_SCRIPT_DIR (currently hardcoded
  to '/etc/NetworkManager/dispatcher.d' directory), regardless of the
  owner.  Currently, it only executes scripts owned by root.

  Scripts would be executed with the EUID set to the user owning the
  script.  This would prevent a user to gain root privileges.  But with
  this feature, users without any admin privileges could add their own
  scripts.  For instance, they could set ssh tunnels when getting
  connected to a particular network.

  NM_SCRIPT_DIR would have the sticky bit set, like /tmp.  From chmod
  man page:

     When the sticky bit is set on a directory, files in that directory
     may be unlinked or renamed only by the directory owner as well as
     by  root or the file owner.  Without the sticky bit, anyone able to
     write to the directory can delete or rename files.  The sticky bit
     is commonly found on directories, such as /tmp, that are
     world-writable.

  Comments are welcomed.

  If my proposal is welcomed, I could give a try coding it and submit a
  patch.  Instead of calling system() directly, a fork would be
  executed, and the child would perform a setuid() call prior calling
  system().  One advantage of forking is that the daemon would never
  freeze since only the children would call shell commands.  Thus if a
  shell command loops indefinitely, the main daemon isn't affected.


Best regards,
Hans Deragon
- --
Consultant en informatique/Software Consultant
Deragon Informatique inc.
http://www.deragon.biz        Open source (contribution):
mailto://hans deragon biz     http://autopoweroff.deragon.biz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGkB4dkn1Tn1exbkgRAo5vAJ4gpcYsFm3p0+i0A0mxNGOqBcYkSACfWBhf
LJOlM3BjR5FU28+agTuS3mI=
=sD2w
-----END PGP SIGNATURE-----

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]