network-manager-applet r1234 - trunk
- From: dcbw svn gnome org
- To: svn-commits-list gnome org
- Subject: network-manager-applet r1234 - trunk
- Date: Thu, 26 Mar 2009 21:20:32 +0000 (UTC)
Author: dcbw
Date: Thu Mar 26 21:20:32 2009
New Revision: 1234
URL: http://svn.gnome.org/viewvc/network-manager-applet?rev=1234&view=rev
Log:
2009-03-26 Dan Williams <dcbw redhat com>
* nm-applet.conf
- Explicitly allow 'root' to talk to the secrets interface. Fixes a bug exposed
in SUSE ConsoleKit packages that always treated 'root' as at_console when
logged in once; when using explicit denials (which we're using here to
ensure we don't expose distros shipping older D-Bus packages) and when
permissions may overlap, as in the case of root being at_console, there
needs to be an explicit allow in the right section too. Thus when root is
'at_console', root will still have access to secrets due to the explicit
allow in the user=root section.
Modified:
trunk/ChangeLog
trunk/nm-applet.conf
Modified: trunk/nm-applet.conf
==============================================================================
--- trunk/nm-applet.conf (original)
+++ trunk/nm-applet.conf Thu Mar 26 21:20:32 2009
@@ -6,6 +6,10 @@
<allow own="org.freedesktop.NetworkManagerUserSettings"/>
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"/>
+
+ <!-- Only root can get secrets -->
+ <allow send_destination="org.freedesktop.NetworkManagerUserSettings"
+ send_interface="org.freedesktop.NetworkManagerSettings.Connection.Secrets"/>
</policy>
<policy at_console="true">
<allow own="org.freedesktop.NetworkManagerUserSettings"/>
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]