Bug 626337 - non-local user can disable wifi and wwan
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: NetworkManager
Version: 6.0
Hardware: All
OS: Linux
low
medium
Target Milestone: rc
Assignee: Dan Williams
QA Contact: desktop-bugs@redhat.com
Reported: 2010-08-23 08:43 UTC by Pierre Ossman
Modified: 2011-05-19 14:24 UTC (History)
Unprivileged users could change the status of the wireless connection and WWAN. This is now fixed to display a "not authorized" error for any unauthorized users attempting to change the wireless status.
Last Closed: 2011-05-19 14:24:49 UTC

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:0769 normal SHIPPED_LIVE NetworkManager bug fix and enhancement update 2011-05-18 18:08:36 UTC

Description Pierre Ossman 2010-08-23 08:43:42 UTC
This is a follow-up to bug 585182 where a non-local user could disable the entire networking system. That problem has been fixed, but users can still disable wifi and wwan at inappropriate times.

Relevant comment:

 Dan Williams      2010-08-20 15:31:54 EDT

Ah right; so the issue with Enable Networking *is* in fact fixed.  The problem
here is with "Enable Wireless", correct?

NM has always used properties for the Wifi/WWAN enable toggles, and
unfortunately those can't be protected with PK in the same way as method calls
can, because dbus-glib hides the necessary information.  There may be some
workarounds that we can use (and we've discussed them before) so I'll look into
the wifi/wwan switches more.

But WRT to actual servers, they most likely won't be running wifi devices which
makes this somewhat less severe.

Comment 1 Pierre Ossman 2010-08-23 08:45:48 UTC
Wifi is probably rare on a server, yes, but isn't wwan typically a server kind of thing?

Comment 3 Bill Nottingham 2010-08-23 18:16:19 UTC
WRT to comment #1, no, not really. At least, I don't know of many servers that are connected to the internet via 3G dongles.

Comment 4 Pierre Ossman 2010-08-24 08:27:24 UTC
(In reply to comment #3)
> WRT to comment #1, no, not really. At least, I don't know of many servers that
> are connected to the internet via 3G dongles.

Ah. I thought wwan meant some kind of fancy schmancy fiber ring cards. Never mind then. )

Comment 6 Dan Williams 2010-08-25 20:14:16 UTC
Upstream fixes:

f917852de3f4676f259edd2f272b561c9068435b (master)
e554ffa85915ae86926ba0e021ffa748d77e08ea (0.8.x)

Comment 7 Dan Williams 2010-09-01 18:51:39 UTC
Fixes rolled into Fedora 12, 13, 14, and rawhide as of git20100831 and later.

Comment 14 Misha H. Ali 2011-04-20 06:56:02 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Non-local users could use NetworkManager to enable/disable the wireless connection and wwan. This is now fixed to display a "not authorized" error for non-local users attempting to change the wireless status.

Comment 15 Misha H. Ali 2011-04-20 07:44:48 UTC
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1 +1 @@
-Non-local users could use NetworkManager to enable/disable the wireless connection and wwan. This is now fixed to display a "not authorized" error for non-local users attempting to change the wireless status.+Unpriviledged users could change the status of the wireless connection and WWAN. This is now fixed to display a "not authorized" error for any unauthorized users attempting to change the wireless status.
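Review bot: the + text misspells "Unprivileged" as "Unpriviledged", and it swaps "non-local users" for "Unpriviledged users" and "any unauthorized users", while the bug summary and the previous note both describe non-local users; keep "non-local" or say who counts as authorized. Both versions also end with "attempting to change the wireless status", which leaves WWAN out of the fix sentence even though the first sentence names it; suggest "change the wireless or WWAN status".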

Comment 16 errata-xmlrpc 2011-05-19 14:24:49 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0769.html
