Re: FR: NetworkManagerDispatcher should fireup scripts owned by any user.




There was nothing wrong with the original request -- I just personally
have nothing to say about it. Sounds like an alright idea, but then
again, there may be a reason for things being the way they are -- don't
know.

Hans Deragon wrote:
> Greetings.
> 
> 
>   [ Resending with a less annoying title and non-signed email;
>     Please reply to this email instead to start a thread.
>     My apologies ]
> 
>   I would like to propose a new feature.  The NetworkManagerDispatcher
>   should call any scripts found under NM_SCRIPT_DIR (currently hardcoded
>   to '/etc/NetworkManager/dispatcher.d' directory), regardless of the
>   owner.  Currently, it only executes scripts owned by root.
> 
>   Scripts would be executed with the EUID set to the user owning the
>   script.  This would prevent a user from gaining root privileges.  But
>   with this feature, users without any admin privileges could add their
>   own scripts.  For instance, they could set ssh tunnels when getting
>   connected to a particular network.
> 
>   NM_SCRIPT_DIR would have the sticky bit set, like /tmp.  From chmod
>   man page:
> 
>      When the sticky bit is set on a directory, files in that directory
>      may be unlinked or renamed only by the directory owner as well as
>      by  root or the file owner.  Without the sticky bit, anyone able to
>      write to the directory can delete or rename files.  The sticky bit
>      is commonly found on directories, such as /tmp, that are
>      world-writable.
> 
>   Comments are welcome.
> 
>   If my proposal is welcomed, I could give coding it a try and submit a
>   patch.  Instead of calling system() directly, a fork would be
>   executed, and the child would perform a setuid() call prior to calling
>   system().  One advantage of forking is that the daemon would never
>   freeze since only the children would call shell commands.  Thus if a
>   shell command loops indefinitely, the main daemon isn't affected.
> 
> 
> Best regards,
> Hans Deragon


--
 ---- _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer III
 |$&| |__| |  | |__/ | \| _| |novosirj umdnj edu - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
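The fork-then-setuid() flow proposed in the quoted message, written out as an added example; it is not code from this thread or from NetworkManager. The function names, the acceptance policy, the fixed PATH and the 30-second alarm are assumptions, the child calls execle() directly where the proposal says system(), and the parent simply waits for the child where a daemon would reap it asynchronously.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1 /* for initgroups() on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical policy: 1 if the script may be run as its owner, else 0. */
int script_is_acceptable(const struct stat *st)
{
    if (!S_ISREG(st->st_mode))             return 0; /* no symlinks, FIFOs, dirs */
    if (!(st->st_mode & S_IXUSR))          return 0; /* owner must have exec bit */
    if (st->st_mode & (S_IWGRP | S_IWOTH)) return 0; /* only the owner may edit it */
    if (st->st_mode & (S_ISUID | S_ISGID)) return 0; /* no set-id bits */
    return 1;
}

/* Fork, take on the script owner's identity in the child, exec the script.
 * Returns the script's exit status, or -1 if it was refused or failed. */
int run_as_owner(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !script_is_acceptable(&st)) return -1;
    struct passwd *pw = getpwuid(st.st_uid);
    if (pw == NULL) return -1;            /* owner has no passwd entry */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* Order matters: supplementary groups, then gid, then uid last. */
        if (initgroups(pw->pw_name, pw->pw_gid) != 0) _exit(126);
        if (setgid(pw->pw_gid) != 0)                  _exit(126);
        if (setuid(pw->pw_uid) != 0)                  _exit(126);
        if (pw->pw_uid != 0 && setuid(0) == 0)        _exit(126); /* must not regain root */
        alarm(30);   /* arbitrary limit; survives exec and bounds a looping script */
        char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
        execle(path, path, (char *)NULL, envp);
        _exit(127);                       /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv)
{
    return argc == 2 ? run_as_owner(argv[1]) : 2;
}
```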


