GNU bug report logs - #78047
WiFi stops working if managed with NetworkManager after migration to unprivileged guix daemon


Package: guix

Reported by: Rodion Goritskov <rodion <at> goritskov.com>

Date: Thu, 24 Apr 2025 19:05:02 UTC

Severity: important


From: Danny Milosavljevic <dannym <at> friendly-machines.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: guix-devel <at> gnu.org, 78047 <at> debbugs.gnu.org, Rodion Goritskov <rodion <at> goritskov.com>
Subject: bug#78047: WiFi stops working if managed with NetworkManager after migration to unprivileged guix daemon
Date: Fri, 06 Jun 2025 10:00:08 +0200

Hi Ludo,

The commit that introduced the check is the following one.

I'd just ask Thomas Haller for advice and for what the purpose of the check is, no?

Probably the classic "if some weird user can change the contents of the (network manager or otherwise) plugins that are used in the gdm login screen, that's not good and can be used for all kinds of shady shit". (confused deputy)

Maybe, for a really, really paranoid way, we could replace the check by a check whether geteuid() == st_uid, no? The idea being that the check wouldn't change behavior if it's actually run as root and would change behavior if it's run as your real user.

For the record, on guix system, network manager is run like this:

$ ps -ef |grep -i networkmana
root      1650     1  0 Jun05 ?        00:00:06 /gnu/store/8fg4facbxkd31r4yl1q6zl2df28mjixg-network-manager-1.52.0/sbin/NetworkManager --config=/gnu/store/3cp48fvxfivj2255bbxj7363qj33ajs9-NetworkManager.conf --no-daemon

$ cat /gnu/store/3cp48fvxfivj2255bbxj7363qj33ajs9-NetworkManager.conf
[main]
dns=default

$ sudo cat /proc/1650/environ 
[...]
NM_VPN_PLUGIN_DIR=/gnu/store/p9r27sli74d78mnwr1zzzr4pfm6zjnks-network-manager-vpn-plugins/lib/NetworkManager/

$ ls -lL /gnu/store/p9r27sli74d78mnwr1zzzr4pfm6zjnks-network-manager-vpn-plugins/lib/NetworkManager/
total 756
-r--r--r-- 10 root root  44330 Jan  1  1970 libnm-gtk4-vpn-plugin-openconnect-editor.a
-r-xr-xr-x  1 root root   3537 Jan  1  1970 libnm-gtk4-vpn-plugin-openconnect-editor.la
-r-xr-xr-x  2 root root  43664 Jan  1  1970 libnm-gtk4-vpn-plugin-openconnect-editor.so
-r-xr-xr-x  1 root root   1998 Jan  1  1970 libnm-gtk4-vpn-plugin-openvpn-editor.la
-r-xr-xr-x  2 root root 191840 Jan  1  1970 libnm-gtk4-vpn-plugin-openvpn-editor.so
-r--r--r--  2 root root  25986 Jan  1  1970 libnm-vpn-plugin-openconnect.a
-r--r--r-- 10 root root  51568 Jan  1  1970 libnm-vpn-plugin-openconnect-editor.a
-r-xr-xr-x  1 root root   3422 Jan  1  1970 libnm-vpn-plugin-openconnect-editor.la
-r-xr-xr-x  2 root root  51856 Jan  1  1970 libnm-vpn-plugin-openconnect-editor.so
-r-xr-xr-x  1 root root   2817 Jan  1  1970 libnm-vpn-plugin-openconnect.la
-r-xr-xr-x  2 root root  27184 Jan  1  1970 libnm-vpn-plugin-openconnect.so
-r-xr-xr-x  1 root root   1892 Jan  1  1970 libnm-vpn-plugin-openvpn-editor.la
-r-xr-xr-x  2 root root 232832 Jan  1  1970 libnm-vpn-plugin-openvpn-editor.so
-r-xr-xr-x  1 root root   1276 Jan  1  1970 libnm-vpn-plugin-openvpn.la
-r-xr-xr-x  2 root root  64440 Jan  1  1970 libnm-vpn-plugin-openvpn.so
dr-xr-xr-x  2 root root   4096 Jan  1  1970 VPN/

$ ls -lL /gnu/store/p9r27sli74d78mnwr1zzzr4pfm6zjnks-network-manager-vpn-plugins/lib/NetworkManager/VPN/
total 8
-r--r--r-- 1 root root 657 Jan  1  1970 nm-openconnect-service.name
-r--r--r-- 1 root root 668 Jan  1  1970 nm-openvpn-service.name

commit 05e2e701a8638f5a159392f7ed1fd82b02886fd9
Author: Thomas Haller <thaller <at> redhat.com>
Date:   Wed Jun 18 11:58:30 2014 +0200

    core: check file permissions when loading device plugins and order by file modification time
    
    Refactor the loading of device plugins by creating the list of
    module filenames in a separate function.
    
    Thereby also check for file permissions (must be only modifiable by root)
    and sort the files by last file modification time. This has the advantage,
    that if several plugins provide the same device type, that we (deterministically)
    prefer the most recent one.
    
    Signed-off-by: Thomas Haller <thaller <at> redhat.com>
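
The ownership test suggested in the message above, written out as an added example (it is not NetworkManager's code and not part of the original message). The function and enum names are hypothetical; the check compares st_uid with a caller-supplied uid, for which the demo passes geteuid(), and rejects files writable by group or others. The sample files are constructed temporary files.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum plugin_verdict { PLUGIN_OK, PLUGIN_UNREADABLE, PLUGIN_NOT_REGULAR,
                      PLUGIN_WRONG_OWNER, PLUGIN_WRITABLE_BY_OTHERS };

/* Hypothetical helper: decide whether a plugin file may be loaded.
 * Instead of requiring st_uid == 0, require that the owner is the uid the
 * loading process runs as (the caller passes geteuid()), and that neither
 * group nor others can modify the file. */
static enum plugin_verdict check_plugin_file(const char *path, uid_t trusted_uid)
{
    struct stat st;

    /* stat() follows symlinks, matching the `ls -lL` view of a store path. */
    if (stat(path, &st) != 0)
        return PLUGIN_UNREADABLE;
    if (!S_ISREG(st.st_mode))
        return PLUGIN_NOT_REGULAR;
    if (st.st_uid != trusted_uid)
        return PLUGIN_WRONG_OWNER;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return PLUGIN_WRITABLE_BY_OTHERS;
    return PLUGIN_OK;
}

/* Constructed sample: create a temporary file owned by the current user with
 * the given mode, then check it against trusted uid geteuid() + uid_offset. */
static enum plugin_verdict check_sample(mode_t mode, uid_t uid_offset)
{
    char path[] = "/tmp/plugin-sample-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0)
        return PLUGIN_UNREADABLE;
    fchmod(fd, mode);
    close(fd);
    enum plugin_verdict v = check_plugin_file(path, geteuid() + uid_offset);
    unlink(path);
    return v;
}

int main(void)
{
    printf("mode 0555, owner == euid: %d\n", check_sample(0555, 0));
    printf("mode 0664, owner == euid: %d\n", check_sample(0664, 0));
    printf("mode 0555, owner != euid: %d\n", check_sample(0555, 1));
    return 0;
}
```

When the process runs as root, geteuid() is 0 and the owner test is the same as requiring a root-owned file; when it runs as another user, files owned by that user pass.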




This bug report was last modified 13 days ago.
