Re: network-manager-iodine
- From: Guido Günther <agx sigxcpu org>
- To: Dan Williams <dcbw redhat com>
- Cc: networkmanager-list gnome org
- Subject: Re: network-manager-iodine
- Date: Sun, 26 Feb 2012 18:40:51 +0100
Hi Dan,
On Fri, Feb 24, 2012 at 02:25:49PM -0600, Dan Williams wrote:
> On Thu, 2012-02-09 at 13:49 +0100, Guido Günther wrote:
> > Hi
> > I've written a small network-manager VPN plugin that uses iodine to
> > tunnel through DNS which can be usefull in case you're behind a firewall
> > but DNS queries are allowed:
> >
> > https://honk.sigxcpu.org/piki/projects/network-manager-iodine/
> > git clone git://honk.sigxcpu.org/git/network-manager-iodine.git
> >
> > There are auth and property dialogs and we run chrooted and unprivilged
> > by default. I wonder if this is suitable to be moved over to
> > git.gnome.org alongside with the other modules.
>
> Very nice; also quite clean. Though I wonder if iodine couldn't be
> patched to accept the password over stdin instead of the environment?
It turned out that this is already possible so I changed the code to use
stdin. Thanks for having a look!
> In any case, it appears that only the program's user can
> read /proc/<pid>/environ so we're probably safe there, but environment
> inheritance is fraught with danger. I could be wrong, but if iodine
> spawns a process later, and forgets to clear the environment, it might
> leak the password through to that child process. But anyway... Yeah,
> this is suitable to be moved to git.gnome.org. I think you've got a git
> account now; want to request a git repo and push it?
Done, thanks. I have one question though. What's the correct way to
return errors from the plugin to NetworkManger from functions that run
when real_connect has already finished? Like iodine_stderr_cb?
Cheers,
-- Guido
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
