some fixes including adding double quotes

arcan1s
2014-08-12 22:58:13 +04:00
parent b65f761520
commit 3b1701f8b5
15 changed files with 207 additions and 29 deletions


@ -1,9 +1,12 @@
# build pages
file (GLOB SUBPROJECT_DOCS_IN *.html)
file (GLOB SUBPROJECT_IMGS *.png)
foreach (DOC_IN ${SUBPROJECT_DOCS_IN})
file (RELATIVE_PATH ONE_DOC ${CMAKE_SOURCE_DIR} ${DOC_IN})
configure_file (${DOC_IN} ${CMAKE_CURRENT_BINARY_DIR}/${ONE_DOC})
set (SUBPROJECT_DOCS ${SUBPROJECT_DOCS} ${CMAKE_CURRENT_BINARY_DIR}/${ONE_DOC})
endforeach ()
install (FILES ${SUBPROJECT_DOCS} DESTINATION share/doc/${PROJECT_NAME})
install (FILES ${SUBPROJECT_IMGS} DESTINATION share/doc/${PROJECT_NAME})
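Review bot: configure_file in the foreach loop is called without @ONLY, so in addition to the @PROJECT_VERSION@-style placeholders the doc pages use, any ${...} sequence that appears in an HTML page would also be substituted by CMake; add @ONLY to the call. Separately, ONE_DOC is computed relative to ${CMAKE_SOURCE_DIR} but then appended to ${CMAKE_CURRENT_BINARY_DIR}, so the generated file lands in a nested path unless this file sits in the top-level directory; ${CMAKE_CURRENT_SOURCE_DIR} looks like the intended base.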

Binary file not shown.


@ -8,11 +8,68 @@
<h1>netctl-gui security notes</h1>
<h3>Project version : @PROJECT_VERSION@</h3>
<ol>
<li><a href="#description">Description</a></li>
<li><a href="#arch">Architecture</a></li>
<li><a href="#kde">KDE components security</a></li>
<li><a href="#kde">Graphical interface security</a></li>
<li><a href="#library">Library security</a></li>
<li><a href="#helper">Helper security</a></li>
<ul><li><a href="#helper-suid">Run helper with SUID bit</a></li></ul>
<li><a href="#links">External links</a></li>
</ol>
</head>
<body>
<h2><a href="#description" class="anchor" name="description"></a>Description</h2>
<p></p>
<h2><a href="#arch" class="anchor" name="arch"></a>Architecture</h2>
<img src="architecture.png" alt="architecture" align="middle">
<h2><a href="#kde" class="anchor" name="kde"></a>KDE components security</h2>
<p>There are two netctl-based commands which are run from the DataEngine</p>
<ul>
<li><code>&lt;cmd&gt; list</code></li>
<li><code>netctl is-enabled &lt;profile&gt;</code></li>
</ul>
<p>Both of them do not require any additional privileges normally. Also DataEngine has two other command which will be run from; they should define external IP. According to the idea that user can set <i>any</i> command to run, this module is not secure. But running commands will not do more than user can do from console himself.</p>
<p>The widget gets information from DataEngine, thus it does not require any additional permissions to show information. But netctl calls with root privileges are used to control netctl. In this case used commands are</p>
<ul>
<li><code>netctl enable &lt;profile&gt;</code></li>
<li><code>netctl disable &lt;profile&gt;</code></li>
<li><code>netctl restart &lt;profile&gt;</code></li>
<li><code>netctl start &lt;profile&gt;</code></li>
<li><code>netctl stop &lt;profile&gt;</code></li>
<li><code>netctl switch-to &lt;profile&gt;</code></li>
<li><code>netctl-auto switch-to &lt;profile&gt;</code></li>
</ul>
<p>All netctl-based commands <i>requires</i> root privileges and <code>sudo</code> (and any other alternatives) is used normally as prefix to the commands. The netctl-auto command does not require additional permissions.</p>
<p>The other way is to use DBus communication with <a href="#helper">the helper</a>. In this case user should have rights to start the helper.</p>
<h2><a href="#gui" class="anchor" name="gui"></a>Graphical interface security</h2>
<p>Graphical interface may interact with netctl over <a href="#helper">DBus (the helper)</a> and over <a href="#library">the library</a>. Please refer to their notes to any additional information. If user uses helper he should have permissions to run it.</p>
<h2><a href="#gui" class="anchor" name="gui"></a>Library security</h2>
<p>According to <a href="#arch">the scheme</a> library gets information from netctl and can control it. Also it provides some additional functions such as a profile creation and removal and access to wpa_supplicant functions. Some function does not require additional permissions, but other ones do it. All dynamic arguments including profile names and paths are in double quotes to avoid white spaces problem. The functions which requires root privileges are:</p>
<ul>
<li>Netctl control module</li>
<ul>
<li><code>netctl start|stop|restart|switch-to|enable|disable &lt;profile&gt;</code>. They are commands which provide a general control to netctl.</li>
<li><code>systemctl start|restart|enable &lt;netctl-auto@service&gt;</code>. They are commands which provide ability to control netctl-auto systemd service.</li>
</ul>
<li>Netctl profiles module</li>
<ul>
<li>Copying of a temporary profile from home directory to netctl profiles directory. <code>cp</code> command is used for it.</li>
<li>Removal of a profile. <code>rm</code> command is used for it.</li>
</ul>
<li>WiFi module</li>
<ul>
<li>This module require root privileges to start wpa_supplicant only. For the futher interaction user must be in <code>CTRL_GROUP</code>.</li>
</ul>
</ul>
<h2><a href="#links" class="anchor" name="links"></a>External links</h2>
<ul>
<li><a href="http://arcanis.name/projects/netctl-gui/">Homepage</a></li>
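Review bot: In the Library security paragraph, the sentence that all dynamic arguments "are in double quotes to avoid white spaces problem" presents quoting only as a whitespace fix, while the same section lists these commands (netctl, systemctl, cp, rm) as the ones run with root privileges. If the commands are assembled as a single string for a shell, a double quote, dollar sign, backquote or backslash inside a profile name or path is still interpreted inside double quotes. The notes should say whether profile names and paths are validated or passed as separate arguments rather than through a shell, and the library would be safer passing them as an argument list.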


@ -0,0 +1,88 @@
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>netctl-gui secutiry notes</title>
<style type="text/css">
</style>
<h1>netctl-gui security notes</h1>
<h3>Project version : @PROJECT_VERSION@</h3>
<ol>
<li><a href="#description">Description</a></li>
<li><a href="#arch">Architecture</a></li>
<li><a href="#kde">KDE components security</a></li>
<li><a href="#kde">Graphical interface security</a></li>
<li><a href="#library">Library security</a></li>
<li><a href="#helper">Helper security</a></li>
<ul><li><a href="#helper-suid">Run helper with SUID bit</a></li></ul>
<li><a href="#links">External links</a></li>
</ol>
</head>
<body>
<h2><a href="#description" class="anchor" name="description"></a>Description</h2>
<p></p>
<h2><a href="#arch" class="anchor" name="arch"></a>Architecture</h2>
<img src="architecture.png" alt="architecture" align="middle">
<h2><a href="#kde" class="anchor" name="kde"></a>KDE components security</h2>
<p>There are two netctl-based commands which are run from the DataEngine</p>
<ul>
<li><code>&lt;cmd&gt; list</code></li>
<li><code>netctl is-enabled &lt;profile&gt;</code></li>
</ul>
<p>Both of them do not require any additional privileges normally. Also DataEngine has two other command which will be run from; they should define external IP. According to the idea that user can set <i>any</i> command to run, this module is not secure. But running commands will not do more than user can do from console himself.</p>
<p>The widget gets information from DataEngine, thus it does not require any additional permissions to show information. But netctl calls with root privileges are used to control netctl. In this case used commands are</p>
<ul>
<li><code>netctl enable &lt;profile&gt;</code></li>
<li><code>netctl disable &lt;profile&gt;</code></li>
<li><code>netctl restart &lt;profile&gt;</code></li>
<li><code>netctl start &lt;profile&gt;</code></li>
<li><code>netctl stop &lt;profile&gt;</code></li>
<li><code>netctl switch-to &lt;profile&gt;</code></li>
<li><code>netctl-auto switch-to &lt;profile&gt;</code></li>
</ul>
<p>All netctl-based commands <i>requires</i> root privileges and <code>sudo</code> (and any other alternatives) is used normally as prefix to the commands. The netctl-auto command does not require additional permissions.</p>
<p>The other way is to use DBus communication with <a href="#helper">the helper</a>. In this case user should have rights to start the helper.</p>
<h2><a href="#gui" class="anchor" name="gui"></a>Graphical interface security</h2>
<p>Graphical interface may interact with netctl over <a href="#helper">DBus (the helper)</a> and over <a href="#library">the library</a>. Please refer to their notes to any additional information. If user uses helper he should have permissions to run it.</p>
<h2><a href="#gui" class="anchor" name="gui"></a>Library security</h2>
<p>According to <a href="#arch">the scheme</a> library gets information from netctl and can control it. Also it provides some additional functions such as a profile creation and removal and access to wpa_supplicant functions. Some function does not require additional permissions, but other ones do it. All dynamic arguments including profile names and paths are in double quotes to avoid white spaces problem. The functions which requires root privileges are:</p>
<ul>
<li>Netctl control module</li>
<ul>
<li><code>netctl start|stop|restart|switch-to|enable|disable &lt;profile&gt;</code>. They are commands which provide a general control to netctl.</li>
<li><code>systemctl start|restart|enable &lt;netctl-auto@service&gt;</code>. They are commands which provide ability to control netctl-auto systemd service.</li>
</ul>
<li>Netctl profiles module</li>
<ul>
<li>Copying of a temporary profile from home directory to netctl profiles directory. <code>cp</code> command is used for it.</li>
<li>Removal of a profile. <code>rm</code> command is used for it.</li>
</ul>
<li>WiFi module</li>
<ul>
<li>This module require root privileges to start wpa_supplicant only. For the futher interaction user must be in <code>CTRL_GROUP</code>.</li>
</ul>
</ul>
<p></p>
<h2><a href="#links" class="anchor" name="links"></a>External links</h2>
<ul>
<li><a href="http://arcanis.name/projects/netctl-gui/">Homepage</a></li>
<li><a href="https://github.com/arcan1s/netctl-gui">Repository</a></li>
<li><a href="https://github.com/arcan1s/netctl-gui/issues">Bugtracker</a></li>
</ul>
<p align="center" style="font-size: 70%">
&copy; 2014-@CURRENT_YEAR@ <a href="mailto:@PROJECT_CONTACT@">@PROJECT_AUTHOR@</a><br>
This software is licensed under @PROJECT_LICENSE@
</p>
</body>
</html>
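Review bot: The table of contents and the section anchors in this new file do not match: the "Graphical interface security" entry links to #kde while its section is named gui, the "Library security" heading reuses name="gui" although the contents and the GUI paragraph link to #library, and #helper and #helper-suid have no target sections even though the text points readers to #helper for the helper's security notes. Give the library heading name="library", point the GUI entry at #gui, and either add the helper sections or drop those entries until they exist. The h1, h3 and ol blocks also sit inside head before the closing tag, the title reads "secutiry", and the Description section is an empty paragraph.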