Re: FR: NetworkManagerDispatcher should fireup scripts owned by any user.

Hash: SHA1

There was nothing wrong with the original request -- I just personally
have nothing to say about it. Sounds like an alright idea, but then
again, there may be a reason for things being the way they are -- don't

Hans Deragon wrote:
> Greetings.
>   [ Resending with a less annoying title and non signed email;
>     Please reply to this email instead to start a thread.
>     My apologies ]
>   I would like to propose a new feature.  The NetworkManagerDispatcher
>   should call any scripts found under NM_SCRIPT_DIR (currently hardcoded
>   to '/etc/NetworkManager/dispatcher.d' directory), regardless of the
>   owner.  Currently, it only executes scripts owned by root.
>   Scripts would be executed with the EUID set to the user owning the
>   script.  This would prevent a user to gain root privileges.  But with
>   this feature, users without any admin privileges could add their own
>   scripts.  For instance, they could set ssh tunnels when getting
>   connected to a particular network.
>   NM_SCRIPT_DIR would have the sticky bit set, like /tmp.  From chmod
>   man page:
>      When the sticky bit is set on a directory, files in that directory
>      may be unlinked or renamed only by the directory owner as well as
>      by  root or the file owner.  Without the sticky bit, anyone able to
>      write to the directory can delete or rename files.  The sticky bit
>      is commonly found on directories, such as /tmp, that are
>      world-writable.
>   Comments are welcomed.
>   If my proposal is welcomed, I could give a try coding it and submit a
>   patch.  Instead of calling system() directly, a fork would be
>   executed, and the child would perform a setuid() call prior calling
>   system().  One advantage of forking is that the daemon would never
>   freeze since only the children would call shell commands.  Thus if a
>   shell command loops indefinitely, the main daemon isn't affected.
> Best regards,
> Hans Deragon

- --
 ---- _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer III
 |$&| |__| |  | |__/ | \| _| |novosirj umdnj edu - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla -

fn:Ryan Novosielski
adr;dom:MSB C630;;185 South Orange Avenue;Newark;NJ;07103
email;internet:novosirj umdnj edu
title:Systems Programmer III
tel;work:(973) 972-0922
tel;fax:(973) 972-7412
tel;pager:(866) 20-UMDNJ

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]