Re: network-manager-iodine

On Thu, 2012-02-09 at 13:49 +0100, Guido Günther wrote:
> Hi
> I've written a small network-manager VPN plugin that uses iodine to
> tunnel through DNS which can be usefull in case you're behind a firewall
> but DNS queries are allowed:
> 	git clone git://
> There are auth and property dialogs and we run chrooted and unprivilged
> by default. I wonder if this is suitable to be moved over to
> alongside with the other modules.

Very nice; also quite clean.  Though I wonder if iodine couldn't be
patched to accept the password over stdin instead of the environment?
In any case, it appears that only the program's user can
read /proc/<pid>/environ so we're probably safe there, but environment
inheritance is fraught with danger.  I could be wrong, but if iodine
spawns a process later, and forgets to clear the environment, it might
leak the password through to that child process.  But anyway...  Yeah,
this is suitable to be moved to  I think you've got a git
account now; want to request a git repo and push it?


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]