Am 11.03.2011 18:21, schrieb Dan Williams: > On Fri, 2011-03-11 at 09:49 +0100, Michael Biebl wrote: >> Am 10.03.2011 18:00, schrieb Dan Williams: >>> other VPN plugins may/may not follow depending on whether we find and >>> fix bugs. Thanks to everyone so far for their testing, lets keep at it >>> til we're done. >> >> Been testing the 0.8.996 packages. Looking quite ok so far. >> >> Some impressions: >> >> - Import of user settings worked fine when restarting nm-applet. >> >> - libnm-glib api doc contains invalid xml: Object Hierarchy, API Index and >> Glossary are not shown in the devhelp documentation. >> >> "public" and "private" system connections: >> private: permissions=user:michael:; is set >> public: no permissions settings, global to all users. > > I just uploaded new docs which should have some of these issues fixed. The still point to e.g. http://projects.gnome.org/NetworkManager/developers/libnm-glib/08/ and In libnm-util API Reference I get an <xi:include></xi:include> after nm-utils — Utility functions >> >> - I can edit public system connections without authorization through policykit!!! > > org.freedesktop.NetworkManager.settings.modify.system now defaults to > "yes", but may be locked down on a per-user basis via PolicyKit. > Perhaps we should review that decision, but the core issue is that it > would be odd to require a user to authenticate to connect to a new WiFi > AP in a default install. If that were the case, you'd authenticate when > you clicked a new AP from an applet menu so you could create the > connection, and then you'd authenticate when you had to type the WPA-PSK > since that's also modifying a system connection. > > All connections are now system-wide by default, which is checked against > the org.freedesktop.NetworkManager.settings.modify.system permission. > System-wide-by-default was something that Ubuntu requested last year and > matches the behavior of other OSes as well. > > Or maybe we discuss this a bit? Ideas? What should the defaults be? At least system connections which were previously created with 0.8 and not readable by regular users without prior authorization, will need to be locked down. Otherwise you possibly leak sensible information, which I'd consider a security bug. For newly created connections the situation is different. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Attachment:
signature.asc
Description: OpenPGP digital signature