Review Request 126041: Allow access for all users by default for newly created connections

Jan Grulich jgrulich at redhat.com
Thu Nov 12 14:56:31 UTC 2015 


> On Lis. 12, 2015, 2:47 odp., Lamarque Souza wrote:
> > I still do not get the reason for this. If a connection is of type system then NetworkManager will store its secrets (in plain text in most cases), that is a security risk and there will be no kwallet involved. Even if you uncheck "All users may connect to this network" and selects all users (is that what you want?), that also means any user will be able to read the password.

NM doesn't work that way, if you allow to a connection to be available for all users and set the password as agent-owned, then NM won't store it in its storage in plain text, it will just make the connection available/visible for everyone, but once someone else try to active it, NM will prompt for a password.

The reason for this is, when you run LiveCD and create connection as system connection, it will be created in /etc/NetworkManager/system-connections and should be copied during installation from the LiveCD and later available on the newly installed system (just the password will be missing if it's stored into KWallet for liveuser). There shouldn't be any security risk because I changed how plasma-nm chooses password storage in Plasma 5.5 and it no longer depends on whether the connection is available for everyone or not.


- Jan


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/126041/#review88294
-----------------------------------------------------------


On Lis. 12, 2015, 11 dop., Jan Grulich wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/126041/
> -----------------------------------------------------------
> 
> (Updated Lis. 12, 2015, 11 dop.)
> 
> 
> Review request for Network Management and Lamarque Souza.
> 
> 
> Repository: plasma-nm
> 
> 
> Description
> -------
> 
> See summary, nm-connection-editor also have this by default. Reason for this are LiveCDs, where when you create system connections then they should be also in the installed system. Making all connections available for all also shouldn't be a problem due to security reasons because passwords are still saved into KWallet by default just for one user.
> 
> 
> Diffs
> -----
> 
>   libs/editor/connectiondetaileditor.cpp 7370bbb 
>   libs/editor/settings/ui/connectionwidget.ui 3111b54 
>   libs/handler.cpp 20db520 
> 
> Diff: https://git.reviewboard.kde.org/r/126041/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Jan Grulich
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-networkmanager/attachments/20151112/8e114032/attachment.html>

More information about the kde-networkmanager mailing list