- From: Dan Williams <dcbw redhat com>
- To: Guido Günther <agx sigxcpu org>
- Cc: networkmanager-list gnome org
- Subject: Re: network-manager-iodine
- Date: Fri, 24 Feb 2012 14:25:49 -0600

On Thu, 2012-02-09 at 13:49 +0100, Guido Günther wrote:
> I've written a small network-manager VPN plugin that uses iodine to
> tunnel through DNS which can be useful in case you're behind a firewall
> but DNS queries are allowed:
> git clone git://honk.sigxcpu.org/git/network-manager-iodine.git
> There are auth and property dialogs and we run chrooted and unprivileged
> by default. I wonder if this is suitable to be moved over to
> git.gnome.org alongside with the other modules.

Very nice; also quite clean. Though I wonder if iodine couldn't be
patched to accept the password over stdin instead of the environment?
In any case, it appears that only the program's user can
read /proc/<pid>/environ so we're probably safe there, but environment
inheritance is fraught with danger. I could be wrong, but if iodine
spawns a process later, and forgets to clear the environment, it might
leak the password through to that child process. But anyway... Yeah,
this is suitable to be moved to git.gnome.org. I think you've got a git
account now; want to request a git repo and push it?
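
Added example, not part of the original message and not iodine or NetworkManager code: a small Python harness that reproduces the environment-inheritance concern raised above. The variable name `DEMO_TUNNEL_PASS`, the secret value and the stand-in daemon are all constructed for illustration; the daemon receives a password either through its environment or over stdin and then spawns a helper, which reports whether the password reached it.

```python
import os
import subprocess
import sys

VAR = "DEMO_TUNNEL_PASS"            # hypothetical variable name (assumption)
SECRET = "constructed-demo-secret"  # constructed sample value

# Stand-in daemon (assumption, not iodine): obtains the password from the
# environment or from stdin, optionally scrubs it, then spawns a helper.
DAEMON = r'''
import os, subprocess, sys
mode, scrub, var = sys.argv[1:4]
password = os.environ[var] if mode == "env" else sys.stdin.readline().strip()
if scrub == "scrub":
    os.environ.pop(var, None)  # the step a daemon can forget
helper = "import os, sys; print(int(sys.argv[1] in os.environ))"
r = subprocess.run([sys.executable, "-c", helper, var],
                   capture_output=True, text=True, check=True)
print(int(bool(password)), r.stdout.strip())
'''

def helper_sees_password(mode, scrub):
    """Return (daemon_got_password, helper_inherited_password)."""
    env = {k: v for k, v in os.environ.items() if k != VAR}
    if mode == "env":
        env[VAR] = SECRET
    stdin_data = SECRET + "\n" if mode == "stdin" else ""
    r = subprocess.run(
        [sys.executable, "-c", DAEMON, mode, "scrub" if scrub else "keep", VAR],
        input=stdin_data, env=env, capture_output=True, text=True, check=True)
    got, leaked = r.stdout.split()
    return got == "1", leaked == "1"

if __name__ == "__main__":
    for mode, scrub in (("env", False), ("env", True), ("stdin", False)):
        got, leaked = helper_sees_password(mode, scrub)
        print(f"{mode:5} scrub={scrub!s:5} daemon_has_pw={got} helper_inherits={leaked}")
```

With the password in the environment the helper inherits it unless the daemon removes the variable before spawning; with stdin delivery there is nothing in the environment to inherit.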