Comment 23 for bug 1668321

Thomas Haller (thaller-1) wrote :

I think the patch is the right approach (maybe it's not yet perfect, but it goes in the right direction).

I think we definitely want such patches upstream.

I have now talked with dcbw; he confirmed, and the applet is supposed to be suitable for a login-screen. If it isn't, it's a bug. (I was wrong there!!, sorry).

The lightdm user should not be able to access any useful certificate files from the system. Thus, choosing a certificate from a file seems to be only useful if the user could mount a USB stick -- which the lightdm user shouldn't be able to do.
So, the non-logged-in user can realistically only create non-enterprise connections, which doesn't seem too useful either.
So, creating/modifying *any* connection from the login-screen shouldn't be possible from the login-screen (and prevented by having no MODIFY_SYSTEM|MODIFY_OWN permissions).
Ergo: the user shall only be able to connect to existing connections that are already provisioned previously.

I think there is an additional issue: if the connection has secrets that are agent-owned, NM will present a password-popup to the user (good). But then, the lightdm user must not put those secrets into the keyring; otherwise, the next time a malicious user could see those previously entered passwords.
Either the applet must not try to cache such passwords, or the keyring must not be accessible for the lightdm user.