Hello -devel, please keep the bugreport (and its submitter) CCed -- (and the FSO team if it's relevant)
On Tue, 14 Apr 2009 17:00:08 +0200, Salvo wrote: > Debconf could show a question for add selected users to the netdev > group, and then reload dbus service. This bug is related to the "wicd" package -- an Internet connection daemon (both wired/wireless). To use the provided GUI (wicd-client), the user has to add herself to the "netdev" system group. This has been introduced in 1.5.9-1 (Closes: #512160), as a security measure: the user (through the GUI) can tell the daemon (which is run by root [0]) to execute certain scripts (pre- and post-connection), and this obviously is a security hole. [0] this is necessary, and not fixable: the daemon has to run network-related commands (ifconfig, route, [..]), and has to touch root-only files (/etc/resolv.conf comes first to mind). From 1.5.9-1 then, if the user doesn't add herself to the `netdev' group, the GUI won't start up, firing DBus errors (#516767 is a clear example). This is also quite user-unfriendly: not everybody has apt-listchanges installed, and not everybody is used to read files in /usr/share/doc/<package>/ (sure it's a good habit, but not everybody has it). The question is: is it acceptable to use debconf to add users to certain groups, effectively granting them specific rights? I don't see security issues here: the debconf questions would be answered by root, and the commands to manually give would need root access (/or sudo) nevertheless -- so I'm willing to implement that in future revisions of wicd. Is there any other possible solution to this problem? @pkg-fso: Repending on the replies to the above questions, wicd might use debconf in future revisions. Is that a problem for you people? Anything I should know before I get tons of bugreports filed? :) (I know wicd has been chosen as the default network manager in your land) Thank you, David -- . ''`. Debian maintainer | http://wiki.debian.org/DavidPaleino : :' : Linuxer #334216 --|-- http://www.hanskalabs.net/ `. `'` GPG: 1392B174 ----|---- http://snipr.com/qa_page `- 2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174
signature.asc
Description: PGP signature
