Hide Forgot
It was found that NetworkManager, a network devices and connections manager, did not properly enforce the PolicyKit 'auth_admin' action element settings (did not require authentication by an administrative user), when the 'auth_admin' element was specified in org.freedesktop.network-manager-settings.system.wifi.share.open (connection sharing via an open WiFi network) action. A local attacker could use this flaw to setup an unsecure (passwordless) Ad-Hoc wireless network.
Dan, jirka, any update on where this is going?
Jirka, Dan: It seems that other actions in /usr/share/polkit-1/actions/org.freedesktop.network-manager-settings.system.policy does not work with the version of NM in Fedora-14 and perhaps also RHEL6. Would this patch address those issues as well?
org.freedesktop.network-manager-settings.system.modify org.freedesktop.network-manager-settings.system.hostname.modify Does work. org.freedesktop.network-manager-settings.system.wifi.share.protected org.freedesktop.network-manager-settings.system.wifi.share.open Does not work. So this is really just wireless related.
I propose we get both these issues fixed, so that we can cover it in the same erratum
This issue is public via the following commits: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=wifi-share-auth&id=e7273c1609ac267e1d77ff03c97c8929f15e3737 http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=wifi-share-auth&id=287fe10c40ae9b90ce703b79f3479b755f0956c0 http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=wifi-share-auth&id=e5085f950730b1e2e68645231e2042127c29a82e
Created NetworkManager tracking bugs for this issue Affects: fedora-all [bug 715492]
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2011:0930 https://rhn.redhat.com/errata/RHSA-2011-0930.html
Hi guys, A little confused about this issue, how use this flaw to setup an unsecure (passwordless) Ad-Hoc wireless network. Does it affect the 0.8.2? From this source code I can't find any process for below. org.freedesktop.network-manager-settings.system.wifi.share.protected org.freedesktop.network-manager-settings.system.wifi.share.open Thanks!