Re: FR: NetworkManagerDispatcher should fireup scripts owned by any user.

From: Aaron Konstam <akonstam sbcglobal net>
To: NetworkManager <networkmanager-list gnome org>
Subject: Re: FR: NetworkManagerDispatcher should fireup scripts owned by any user.
Date: Mon, 09 Jul 2007 09:25:18 -0500

On Sun, 2007-07-08 at 21:02 -0400, Hans Deragon wrote:
> Greetings.
> 
> 
>   [ Resending with a less annoying title and non signed email;
>     Please reply to this email instead to start a thread.
>     My apologies ]
> 
>   I would like to propose a new feature.  The NetworkManagerDispatcher
>   should call any scripts found under NM_SCRIPT_DIR (currently hardcoded
>   to '/etc/NetworkManager/dispatcher.d' directory), regardless of the
>   owner.  Currently, it only executes scripts owned by root.
> 
>   Scripts would be executed with the EUID set to the user owning the
>   script.  This would prevent a user to gain root privileges.  But with
>   this feature, users without any admin privileges could add their own
>   scripts.  For instance, they could set ssh tunnels when getting
>   connected to a particular network.
> 
>   NM_SCRIPT_DIR would have the sticky bit set, like /tmp.  From chmod
>   man page:
> 
>      When the sticky bit is set on a directory, files in that directory
>      may be unlinked or renamed only by the directory owner as well as
>      by  root or the file owner.  Without the sticky bit, anyone able to
>      write to the directory can delete or rename files.  The sticky bit
>      is commonly found on directories, such as /tmp, that are
>      world-writable.
> 
>   Comments are welcomed.
> 
>   If my proposal is welcomed, I could give a try coding it and submit a
>   patch.  Instead of calling system() directly, a fork would be
>   executed, and the child would perform a setuid() call prior calling
>   system().  One advantage of forking is that the daemon would never
>   freeze since only the children would call shell commands.  Thus if a
>   shell command loops indefinitely, the main daemon isn't affected.
> 
> 
> Best regards,
> Hans Deragon
--
=======================================================================
Quidquid latine dictum sit, altum viditur. [Whatever is said in Latin
sounds profound.]
=======================================================================
Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam sbcglobal net

References:
- FR: NetworkManagerDispatcher should fireup scripts owned by any user.
  - From: Hans Deragon

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]