Hi, Danny Milosavljevic <dan...@friendly-machines.com> writes:
> Maybe for a really really paranoid way we could replace the check by a > check whether geteuid() == st_uid, no ? The idea being that the check > wouldn't change behavior if it's actually run as root and would change > behavior if it's run as your real user. But what would this check buy us? > For the record, on guix system, network manager is run like this: > > $ ps -ef |grep -i networkmana > root 1650 1 0 Jun05 ? 00:00:06 > /gnu/store/8fg4facbxkd31r4yl1q6zl2df28mjixg-network-manager-1.52.0/sbin/NetworkManager > --config=/gnu/store/3cp48fvxfivj2255bbxj7363qj33ajs9-NetworkManager.conf > --no-daemon Yes, so it’s in the store and the configuration file (and thus plugin directory) is defined statically by the system administrator. So I feel like there cannot be a situation where an unprivileged user would trick NetworkManager into loading user-owned plugins. Thoughts? Ludo’.
