| Summary: | vpnc-helper discards command-line arguments | ||
|---|---|---|---|
| Product: | [Fedora] Fedora EPEL | Reporter: | Ben Liblit <liblit> |
| Component: | vpnc | Assignee: | Huzaifa S. Sidhpurwala <huzaifas> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | el5 | CC: | huzaifas, tmraz |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-03-14 07:21:23 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
That's completely intentional as allowing parameters to be passed would be vulnerable to security attack. The helper is just for convenience and the configuration is supposed to be managed by root. Suppose root does manage the configuration, presumably by creating one or more connection configuration files in /etc/vpnc. How is the user supposed to take advantage of these? If root has created "/etc/vpnc/foo.conf", the user should at least be able to run "vpnc foo" to connect to this root-managed VPN. That does not currently work. My mental model is "admin creates connection configs; user activates these by name". That's definitely not supported by the current helper script. So I just don't understand what the intended usage scenario is here. Any clarification would be much appreciated, as clearly I'm thinking about this in the wrong way. The usage scenario is unfortunately only the simplest one for one VPN configuration allowed. Of course adding some way to allow a choice from multiple configurations would be a nice feature - patches welcome. Of course still the implementation must avoid the possibility to pass arbitrary arguments by the user to the vpnc. OK, one configuration. Got it. Thank you for helping me understand! |
Description of problem: When a non-root user runs "/usr/bin/vpnc", any command-line arguments are discarded instead of being passed to the real "/usr/sbin/vpnc". That makes it impossible to use anything other than default or interactively-prompted values for various configuration options. Version-Release number of selected component (if applicable): vpnc-consoleuser-0.5.3-8.el5 How reproducible: 100% reproducible. Steps to Reproduce: 1. As non-root, run "/usr/bin/vpnc --help". 2. As non-root, run "/usr/sbin/vpnc --help". 3. Compare the output of the above two commands. Actual results: The first command prompts the user to "Enter IPSec gateway address:". This reveals that the "--help" flag has been discarded. Expected results: Both commands given above should have printed help information. Additional info: The fix is to add "$@" at the end of the second line of "/usr/sbin/vpnc-helper". The quotes should be included in that change. Thus, the entire script should read: #!/bin/sh /usr/sbin/vpnc "$@"