Hi Dan, On Fri, Feb 24, 2012 at 02:25:49PM -0600, Dan Williams wrote: > On Thu, 2012-02-09 at 13:49 +0100, Guido Günther wrote: > > Hi > > I've written a small network-manager VPN plugin that uses iodine to > > tunnel through DNS which can be usefull in case you're behind a firewall > > but DNS queries are allowed: > > > > https://honk.sigxcpu.org/piki/projects/network-manager-iodine/ > > git clone git://honk.sigxcpu.org/git/network-manager-iodine.git > > > > There are auth and property dialogs and we run chrooted and unprivilged > > by default. I wonder if this is suitable to be moved over to > > git.gnome.org alongside with the other modules. > > Very nice; also quite clean. Though I wonder if iodine couldn't be > patched to accept the password over stdin instead of the environment?
It turned out that this is already possible so I changed the code to use stdin. Thanks for having a look! > In any case, it appears that only the program's user can > read /proc/<pid>/environ so we're probably safe there, but environment > inheritance is fraught with danger. I could be wrong, but if iodine > spawns a process later, and forgets to clear the environment, it might > leak the password through to that child process. But anyway... Yeah, > this is suitable to be moved to git.gnome.org. I think you've got a git > account now; want to request a git repo and push it? Done, thanks. I have one question though. What's the correct way to return errors from the plugin to NetworkManger from functions that run when real_connect has already finished? Like iodine_stderr_cb? Cheers, -- Guido _______________________________________________ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
