A system wide network manager configuration that's visible to all users
editable by all administrators (both via nm-applet...) is my preference.
This could allow network connections with no-one logged in and could fix
this bug too.

This sounds like it's worthy of a blueprint.

There seems to be two bugs here:
1) nm-applet isn't starting for a second user (useful for monitoring).
2) nm-applet can't be used to create a network connection when nm-applet's 
already running as another user, even if the device in question is free. So 
that a) prevents hijacking (desirable for non-admin, but not for admin users), 
b) prevents opening free devices (desirable for non-admin, but not for admin 
users).

Interesting security issues:
1) Allowing any user to open/hijack network connections may allow for easier 
man in the middle attacks. This is really more of an issue for virtual networks 
and wireless networks as physical network man in the middle requires a physical 
connection (thus usually physical access, or an unlikely forgotten extra 
plugged in network connection).
2) Allowing any user to use open network connections may allow less trusted 
users access to a network they couldn't otherwise authenticate to. I'm not sure 
there's any time reasonable way to lock this down as it would require some kind 
of capabilities management, and possibly kernel changes.

Thanks,

     Drew Daniels
Resume: http://www.boxheap.net/ddaniels/resume.html

-- 
nm-applet fails when another user is logged in
https://bugs.launchpad.net/bugs/284596
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to