Re: network-manager-iodine

From: Dan Williams <dcbw redhat com>
To: Guido Günther <agx sigxcpu org>
Cc: networkmanager-list gnome org
Subject: Re: network-manager-iodine
Date: Fri, 24 Feb 2012 14:25:49 -0600

On Thu, 2012-02-09 at 13:49 +0100, Guido Günther wrote:
> Hi
> I've written a small network-manager VPN plugin that uses iodine to
> tunnel through DNS which can be usefull in case you're behind a firewall
> but DNS queries are allowed:
> 
> 	https://honk.sigxcpu.org/piki/projects/network-manager-iodine/
> 	git clone git://honk.sigxcpu.org/git/network-manager-iodine.git
> 
> There are auth and property dialogs and we run chrooted and unprivilged
> by default. I wonder if this is suitable to be moved over to
> git.gnome.org alongside with the other modules.

Very nice; also quite clean.  Though I wonder if iodine couldn't be
patched to accept the password over stdin instead of the environment?
In any case, it appears that only the program's user can
read /proc/<pid>/environ so we're probably safe there, but environment
inheritance is fraught with danger.  I could be wrong, but if iodine
spawns a process later, and forgets to clear the environment, it might
leak the password through to that child process.  But anyway...  Yeah,
this is suitable to be moved to git.gnome.org.  I think you've got a git
account now; want to request a git repo and push it?

Dan

Follow-Ups:
- Re: network-manager-iodine
  - From: Guido =?iso-8859-1?Q?G=FCnther?=

References:
- network-manager-iodine
  - From: Guido =?iso-8859-1?Q?G=FCnther?=

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]