It was found that NetworkManager, a network devices and connections manager,
did not properly enforce the PolicyKit 'auth_admin' action element settings
(did not require authentication by an administrative user), when the
'auth_admin' element was specified in
sharing via an open WiFi network) action. A local attacker could use this flaw
to setup an unsecure (passwordless) Ad-Hoc wireless network.
any update on where this is going?
It seems that other actions in /usr/share/polkit-1/actions/org.freedesktop.network-manager-settings.system.policy does not work with the version of NM in Fedora-14 and perhaps also RHEL6.
Would this patch address those issues as well?
Does not work.
So this is really just wireless related.
I propose we get both these issues fixed, so that we can cover it in the same erratum
This issue is public via the following commits:
Created NetworkManager tracking bugs for this issue
Affects: fedora-all [bug 715492]
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2011:0930 https://rhn.redhat.com/errata/RHSA-2011-0930.html
A little confused about this issue, how use this flaw to setup an unsecure (passwordless) Ad-Hoc wireless network.
Does it affect the 0.8.2? From this source code I can't find any process for below.