mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git
synced 2025-12-20 04:40:04 +01:00
0b75d905e5
This build option allowed non-admin users to create system-wide connections. Generally, this is not a good idea as system-wide changes should be done by administrators. However, the main reason for the change is that this can be used to bypass filesystem permissions, among possibly other attacks. As the daemon runs as root, a user can create a system-wide connection that uses a certificate from a different user to authenticate in a WiFi network protected with 802.1X or a VPN, because as root user the daemon can access to the file. This patch does not completely fix the issue, as users can still create private connections specifying a path to another user's connection. This will be addressed in other patch. However, this patch is needed too, because in system-wide connections we don't store which user created the connection, so there woudn't be any way to check his/her permissions. This is part of the fix for CVE-2025-9615 See: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1809 |
||
|---|---|---|
| .. | ||
| 84-nm-drivers.rules | ||
| 85-nm-unmanaged.rules | ||
| 90-nm-thunderbolt.rules | ||
| meson.build | ||
| NetworkManager-config-initrd.service.in | ||
| NetworkManager-dispatcher.service.in | ||
| NetworkManager-initrd.service.in | ||
| NetworkManager-ovs.conf | ||
| NetworkManager-wait-online-initrd.service.in | ||
| NetworkManager-wait-online.service.in | ||
| NetworkManager.service.in | ||
| nm-priv-helper.service.in | ||
| nm-shared.xml | ||
| org.freedesktop.NetworkManager.policy.in | ||
| server.conf.in | ||