On Mon, 21 Mar 2016 01:32:01 -0500
Robby Workman <ro...@rlworkman.net> wrote:

> 1. /var/run/NetworkManager/ is created with mode 0700, which is
>    a problem because non-root clients are unable to read the
>    resolv.conf inside it. On this system, /var/run is a bind
>    mount to /run, which is mode 0755 itself, so I don't think
>    this problem is a result of any local configuration.


Well, this is only a problem immediately after package installation.
The installation process installs a /var/run/NetworkManager/ directory
with mode 0700, but if one is not present already, src/nm-main-utils.c
creates it with mode 0755. 

In src/Makefile.am, there's this line:
        $(mkinstalldirs) -m 0700 $(DESTDIR)$(rundir)
and rundir is defined as:
        rundir=$(runstatedir)/NetworkManager
and runstatedir is defined as $localstatedir/run in configure.ac,
so essentially it's happening in src/Makefile.am

Given that src/nm-main-utils.c creates NMRUNDIR if it doesn't
already exist, it seems the best option is to kill that invocation
of $(mkinstalldirs) in src/Makefile.am or modify it to use 0755
instead of 0700.  Patch attached to do the latter, but of course,
handle as you guys deem best.

-RW
From a75e59161882f9989e3ea76e5c0dc5d5f0f503df Mon Sep 17 00:00:00 2001
From: Robby Workman <rwork...@slackware.com>
Date: Mon, 21 Mar 2016 01:51:08 -0500
Subject: [PATCH] src/Makefile.am: Create $rundir mode 0755 instead of 0700

Otherwise, $NMRUNDIR/resolv.conf isn't readable by unprivileged
users.
---
 src/Makefile.am | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Makefile.am b/src/Makefile.am
index 353a31d..aee7eae 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -638,7 +638,7 @@ EXTRA_DIST = \
 rundir=$(runstatedir)/NetworkManager
 statedir=$(localstatedir)/lib/NetworkManager
 install-data-hook:
-	$(mkinstalldirs) -m 0700 $(DESTDIR)$(rundir)
+	$(mkinstalldirs) -m 0755 $(DESTDIR)$(rundir)
 	$(mkinstalldirs) -m 0700 $(DESTDIR)$(statedir)
 	$(mkinstalldirs) -m 0755 $(DESTDIR)$(pkglibdir)
 
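Review bot: the changed line, `$(mkinstalldirs) -m 0755 $(DESTDIR)$(rundir)`, opens the whole run directory to listing and traversal by unprivileged users, not just resolv.conf, and the commit message does not say whether that is acceptable for everything else placed under $(rundir). Please confirm that any other file created there is protected by its own mode rather than by the directory's former 0700, and say so in the commit message. It would also help to note that $(statedir) on the following line deliberately stays at 0700, so the difference between the two directories reads as intentional.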
-- 
2.7.4
