Re: setEnvironmentVariable DBus method for wpasupplicant

Stef <stef memberwebs com> writes:

> David Smith wrote:
>> Stef <stef memberwebs com> writes:
>>> David Smith wrote:
>>>> For implementing PKCS#11 support in the network manager gnome applet
>>>> using gnome keyring as the backing store, it's necessary to tell
>>>> wpasupplicant the environment variable of GNOME_KEYRING_SOCKET before
>>>> loading the gnome keyring PKCS#11 library. This socket will be protected
>>>> to the local user, but since wpasupplicant must run as root, it should
>>>> be able to access it and indeed it must.
>>> Not sure how we plan to address this. gnome-keyring doesn't currently
>>> support access by root to its sockets.
>> Hmm, then this is a critical problem.
> Sadly this would be a difficult thing for gnome-keyring to change
> throughout all the code. It currently verifies the uid equals the
> current uid in many places throughout the code.

If it's a matter of just fixing the code, then that seems easier then
finding a way to get wpasupplicant to be able to run as the current
user. I think we have to make it so that the PKCS#11 module allows a
user's keyring can be harnessed by supplicants running as a different
user, as long as the user grants the supplicant sufficient access.

- dds

Attachment: pgp08j3OGGhMA.pgp
Description: PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]