Firewall blocking desktop features

Dan Williams dcbw at redhat.com
Fri Sep 13 15:35:11 UTC 2013


On Fri, 2013-09-13 at 11:23 +0300, Oron Peled wrote:
> On Friday 13 September 2013 01:51:00 drago01 wrote:
> > On Fri, Sep 13, 2013 at 1:26 AM, Oron Peled <oron at actcom.co.il> wrote:
> > >    - This means that any privileged service controlled by GUI client (e.g:
> > >      NetworkManager) is still only as secure as it's controller (e.g:
> > >      nm-applet).
> > This is wrong. That's not how "controlling the service" works.
> 
> Care to explain?
>  * Let's assume someone exploit a buffer overflow in nm-applet to execute
>    arbitrary code.
> 
>  * Now she can ask (over dbus) from NM to do "legitimate" operations without
>    the user consent/knowledge -- e.g: connect to some random-joe wireless
>    network, etc. (btw, the user can still discover the truth via other
>    client which isn't subverted -- like nmcli, the kde widget, etc.)

nm-applet can certainly *ask* NetworkManager to do something.  Depending
on the policy that an administrator has set, NetworkManager will ask the
user to authorize the request via PolicyKit.  Only if the request is
authorized, will that request be granted.  If your user must authorize
before you can obtain the ModifySystem and ModifyOwn permissions, then
no, nm-applet can't ask NetworkManager to connect to malicious networks
unless that trojan also somehow subverts PolicyKit.

Dan



More information about the devel mailing list