network-manager-applet r1210 - branches/network-manager-applet-0-6



Author: dcbw
Date: Tue Mar  3 17:09:07 2009
New Revision: 1210
URL: http://svn.gnome.org/viewvc/network-manager-applet?rev=1210&view=rev

Log:
2009-03-03  Dan Williams  <dcbw redhat com>

	* nm-applet.conf
		- CVE-2009-0365: only allow root to get secrets



Modified:
   branches/network-manager-applet-0-6/ChangeLog
   branches/network-manager-applet-0-6/nm-applet.conf

Modified: branches/network-manager-applet-0-6/nm-applet.conf
==============================================================================
--- branches/network-manager-applet-0-6/nm-applet.conf	(original)
+++ branches/network-manager-applet-0-6/nm-applet.conf	Tue Mar  3 17:09:07 2009
@@ -13,6 +13,19 @@
 
 		<allow send_destination="org.freedesktop.NetworkManagerInfo"/>
                 <allow send_interface="org.freedesktop.NetworkManagerInfo"/>
+
+		<!-- Only root can get keys -->
+		<deny send_destination="org.freedesktop.NetworkManagerInfo"
+                      send_interface="org.freedesktop.NetworkManagerInfo"
+                      send_member="getKeyForNetwork"/>
+
+		<deny send_destination="org.freedesktop.NetworkManagerInfo"
+                      send_interface="org.freedesktop.NetworkManagerInfo"
+                      send_member="cancelGetKeyForNetwork"/>
+
+		<deny send_destination="org.freedesktop.NetworkManagerInfo"
+                      send_interface="org.freedesktop.NetworkManagerInfo"
+                      send_member="updateNetworkInfo"/>
 	</policy>
 	<policy context="default">
 		<deny own="org.freedesktop.NetworkManagerInfo"/>



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]