Comment 39 for bug 284596

A system wide network manager configuration that's visible to all users editable by all administrators (both via nm-applet...) is my preference. This could allow network connections with no-one logged in and could fix this bug too.

This sounds like it's worthy of a blueprint.

There seems to be two bugs here:
1) nm-applet isn't starting for a second user (useful for monitoring).
2) nm-applet can't be used to create a network connection when nm-applet's already running as another user, even if the device in question is free. So that a) prevents hijacking (desirable for non-admin, but not for admin users), b) prevents opening free devices (desirable for non-admin, but not for admin users).

Interesting security issues:
1) Allowing any user to open/hijack network connections may allow for easier man in the middle attacks. This is really more of an issue for virtual networks and wireless networks as physical network man in the middle requires a physical connection (thus usually physical access, or an unlikely forgotten extra plugged in network connection).
2) Allowing any user to use open network connections may allow less trusted users access to a network they couldn't otherwise authenticate to. I'm not sure there's any time reasonable way to lock this down as it would require some kind of capabilities management, and possibly kernel changes.

Thanks,

     Drew Daniels
Resume: http://www.boxheap.net/ddaniels/resume.html