add --system flag to the helper

add security notes
arcan1s 2014-08-12 23:49:35 +04:00
parent 3b1701f8b5
commit eabfac7323
14 changed files with 92 additions and 128 deletions

View File

@ -64,8 +64,8 @@ Additional information
TODO (wish list)
----------------
* add helper polkit-qt integration
* security notes / project architecture
* add helper polkit-qt integration ?
* update to show error messages if debug=true
* autotests
Links
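Review bot: the trailing "?" on `* add helper polkit-qt integration ?` leaves the TODO ambiguous about whether polkit-qt is still planned, and that matters for the security notes this commit adds, because polkit-qt is the alternative to the group-membership and SUID-bit authorisation those notes describe for the helper. Write the item as either "planned" or "dropped in favour of …" rather than a question mark; removing `security notes / project architecture` from the wish list is fine now that the notes exist.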

View File

@ -10,11 +10,10 @@
<ol>
<li><a href="#description">Description</a></li>
<li><a href="#arch">Architecture</a></li>
<li><a href="#kde">KDE components security</a></li>
<li><a href="#kde">Graphical interface security</a></li>
<li><a href="#library">Library security</a></li>
<li><a href="#helper">Helper security</a></li>
<ul><li><a href="#helper-suid">Run helper with SUID bit</a></li></ul>
<li><a href="#gui">Graphical interface security</a></li>
<li><a href="#kde">KDE components security</a></li>
<li><a href="#links">External links</a></li>
</ol>
</head>
@ -26,33 +25,8 @@
<h2><a href="#arch" class="anchor" name="arch"></a>Architecture</h2>
<img src="architecture.png" alt="architecture" align="middle">
<h2><a href="#kde" class="anchor" name="kde"></a>KDE components security</h2>
<p>There are two netctl-based commands which are run from the DataEngine</p>
<ul>
<li><code>&lt;cmd&gt; list</code></li>
<li><code>netctl is-enabled &lt;profile&gt;</code></li>
</ul>
<p>Both of them do not require any additional privileges normally. Also DataEngine has two other command which will be run from; they should define external IP. According to the idea that user can set <i>any</i> command to run, this module is not secure. But running commands will not do more than user can do from console himself.</p>
<p>The widget gets information from DataEngine, thus it does not require any additional permissions to show information. But netctl calls with root privileges are used to control netctl. In this case used commands are</p>
<ul>
<li><code>netctl enable &lt;profile&gt;</code></li>
<li><code>netctl disable &lt;profile&gt;</code></li>
<li><code>netctl restart &lt;profile&gt;</code></li>
<li><code>netctl start &lt;profile&gt;</code></li>
<li><code>netctl stop &lt;profile&gt;</code></li>
<li><code>netctl switch-to &lt;profile&gt;</code></li>
<li><code>netctl-auto switch-to &lt;profile&gt;</code></li>
</ul>
<p>All netctl-based commands <i>requires</i> root privileges and <code>sudo</code> (and any other alternatives) is used normally as prefix to the commands. The netctl-auto command does not require additional permissions.</p>
<p>The other way is to use DBus communication with <a href="#helper">the helper</a>. In this case user should have rights to start the helper.</p>
<h2><a href="#gui" class="anchor" name="gui"></a>Graphical interface security</h2>
<p>Graphical interface may interact with netctl over <a href="#helper">DBus (the helper)</a> and over <a href="#library">the library</a>. Please refer to their notes to any additional information. If user uses helper he should have permissions to run it.</p>
<h2><a href="#gui" class="anchor" name="gui"></a>Library security</h2>
<p>According to <a href="#arch">the scheme</a> library gets information from netctl and can control it. Also it provides some additional functions such as a profile creation and removal and access to wpa_supplicant functions. Some function does not require additional permissions, but other ones do it. All dynamic arguments including profile names and paths are in double quotes to avoid white spaces problem. The functions which requires root privileges are:</p>
<h2><a href="#library" class="anchor" name="library"></a>Library security</h2>
<p>According to <a href="#arch">the scheme<a> the library gets information from netctl and can control it. Also it provides some additional functions such as a profile creation and removal and access to wpa_supplicant functions. Some functions do not require additional permissions, but other ones do it. All dynamic arguments including profile names and paths are in double quotes to avoid white spaces problem. The functions which <b>require</b> root privileges are:</p>
<ul>
<li>Netctl control module</li>
<ul>
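Review bot: `<a href="#arch">the scheme<a>` in the new Library paragraph opens a second anchor instead of closing the first; it should be `</a>`, otherwise the rest of the paragraph renders as link text. Replacing the old `name="gui"` on the Library heading with `name="library"` is right, that was a copy-paste error that gave two sections the same anchor. Small wording fix in the same paragraph: "Some functions do not require additional permissions, but other ones do it" reads better as "but others do".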
@ -66,10 +40,44 @@
</ul>
<li>WiFi module</li>
<ul>
<li>This module require root privileges to start wpa_supplicant only. For the futher interaction user must be in <code>CTRL_GROUP</code>.</li>
<li>This module require root privileges to start <code>wpa_supplicant</code> only. For the futher interaction user must be in <code>CTRL_GROUP</code>.</li>
</ul>
</ul>
<p>If library will be initialized with <code>FORCE_SUDO=true</code> than it will use <code>sudo</code> command (which can be transferred to the library by <code>SUDO_PATH</code> option). Otherwise it will try to set UID of children processes to 0. Please note that <code>sudo</code> command and UID setting will be used only for those commands which require it.</p>
<h2><a href="#helper" class="anchor" name="helper"></a>Helper security</h2>
<p>First of all the helper <b>does not interact</b> with netctl directly, it uses the library to do it. So all library security notes are applicable here. To start the helper and to create DBus services user must be in <code>netcwork</code> group by default (or must be root). But you may change it by editing <code>$DBUS_SYSTEMCONF_PATH/org.netctlgui.helper.conf</code> policy file (<code>/etc/dbus-1/system.d/org.netctlgui.helper.conf</code> by default). Please refer to DBus documentation to do it.</p>
<p>There are two binaries <code>netctgui-helper</code> and <code>netctlgui-helper-suid</code>. They are the same, but the second one has SUID bit, so it can be running by normal user without any password. Please note that <b>it is dangerous</b> and recommended way is to use systemd daemon. In this case you may not install <code>netctlgui-helper-suid</code> binary.</p>
<p>There are two configuration files <code>$HOME/.config/netctl-gui.conf</code> and <code>/etc/netctl-gui.conf</code>. The first one is a user configuration and the second one is a system-wide. Please note that by default user configuration has higher priority than system-wide, but running with <code>--system</code> flag user configuration will not be reading. The helper and GUI configurations are the same (although some keys aren't needed).</p>
<h2><a href="#gui" class="anchor" name="gui"></a>Graphical interface security</h2>
<p>Graphical interface may interact with netctl over <a href="#helper">DBus (the helper)</a> and over <a href="#library">the library</a>. Please refer to their notes to any additional information. If user uses helper he should have permissions to run it.</p>
<h2><a href="#kde" class="anchor" name="kde"></a>KDE components security</h2>
<p>There are two netctl-based commands which are run from the DataEngine</p>
<ul>
<li><code>&lt;cmd&gt; list</code></li>
<li><code>netctl is-enabled &lt;profile&gt;</code></li>
</ul>
<p>Both of them do not require any additional privileges normally. Also DataEngine has two other command which will be run from; they should define external IP. According to the idea that user can set <b>any</b> command to run, this module is not secure. But running commands will not do more than user can do from console himself.</p>
<p>The widget gets information from DataEngine, thus it does not require any additional permissions to show information. But netctl calls are used to control netctl. In this case used commands are</p>
<ul>
<li><code>netctl enable &lt;profile&gt;</code></li>
<li><code>netctl disable &lt;profile&gt;</code></li>
<li><code>netctl restart &lt;profile&gt;</code></li>
<li><code>netctl start &lt;profile&gt;</code></li>
<li><code>netctl stop &lt;profile&gt;</code></li>
<li><code>netctl switch-to &lt;profile&gt;</code></li>
<li><code>netctl-auto switch-to &lt;profile&gt;</code></li>
</ul>
<p>All netctl-based commands <b>require</b> root privileges and <code>sudo</code> (and any other alternatives) is used normally as prefix to the commands. The netctl-auto command <b>does not require</b> additional permissions.</p>
<p>The other way is to use DBus communication with <a href="#helper">the helper</a>. In this case user should have rights to start the helper.</p>
<h2><a href="#links" class="anchor" name="links"></a>External links</h2>
<ul>
<li><a href="http://arcanis.name/projects/netctl-gui/">Homepage</a></li>
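Review bot: the helper section documents the wrong system-wide file: `/etc/netctl-gui.conf` is not what the helper reads; `NetctlHelper::updateConfiguration()` opens `/etc/netctlgui-helper.conf`, and that is also the file the CMake rules install into `/etc`, so an admin auditing permissions on the documented path checks nothing. Second, the `--system` sentence should be tied to the SUID warning two sentences earlier: as written, the user file "has higher priority than system-wide" unless `--system` is given, and the keys in that file include the executable paths the helper runs (`SUDO_PATH`, `NETCTL_PATH`, `SYSTEMCTL_PATH`, `WPASUP_PATH`, `WPACLI_PATH`), so the recommendation should state plainly that `netctlgui-helper-suid` must not be invoked without `--system` (the shipped unit file already passes it for the systemd case). Typos to fix while here: `netcwork` group, `netctgui-helper`, `futher`, "This module require" (requires), and "will not be reading" (read).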

View File

@ -1,88 +0,0 @@
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>netctl-gui secutiry notes</title>
<style type="text/css">
</style>
<h1>netctl-gui security notes</h1>
<h3>Project version : @PROJECT_VERSION@</h3>
<ol>
<li><a href="#description">Description</a></li>
<li><a href="#arch">Architecture</a></li>
<li><a href="#kde">KDE components security</a></li>
<li><a href="#kde">Graphical interface security</a></li>
<li><a href="#library">Library security</a></li>
<li><a href="#helper">Helper security</a></li>
<ul><li><a href="#helper-suid">Run helper with SUID bit</a></li></ul>
<li><a href="#links">External links</a></li>
</ol>
</head>
<body>
<h2><a href="#description" class="anchor" name="description"></a>Description</h2>
<p></p>
<h2><a href="#arch" class="anchor" name="arch"></a>Architecture</h2>
<img src="architecture.png" alt="architecture" align="middle">
<h2><a href="#kde" class="anchor" name="kde"></a>KDE components security</h2>
<p>There are two netctl-based commands which are run from the DataEngine</p>
<ul>
<li><code>&lt;cmd&gt; list</code></li>
<li><code>netctl is-enabled &lt;profile&gt;</code></li>
</ul>
<p>Both of them do not require any additional privileges normally. Also DataEngine has two other command which will be run from; they should define external IP. According to the idea that user can set <i>any</i> command to run, this module is not secure. But running commands will not do more than user can do from console himself.</p>
<p>The widget gets information from DataEngine, thus it does not require any additional permissions to show information. But netctl calls with root privileges are used to control netctl. In this case used commands are</p>
<ul>
<li><code>netctl enable &lt;profile&gt;</code></li>
<li><code>netctl disable &lt;profile&gt;</code></li>
<li><code>netctl restart &lt;profile&gt;</code></li>
<li><code>netctl start &lt;profile&gt;</code></li>
<li><code>netctl stop &lt;profile&gt;</code></li>
<li><code>netctl switch-to &lt;profile&gt;</code></li>
<li><code>netctl-auto switch-to &lt;profile&gt;</code></li>
</ul>
<p>All netctl-based commands <i>requires</i> root privileges and <code>sudo</code> (and any other alternatives) is used normally as prefix to the commands. The netctl-auto command does not require additional permissions.</p>
<p>The other way is to use DBus communication with <a href="#helper">the helper</a>. In this case user should have rights to start the helper.</p>
<h2><a href="#gui" class="anchor" name="gui"></a>Graphical interface security</h2>
<p>Graphical interface may interact with netctl over <a href="#helper">DBus (the helper)</a> and over <a href="#library">the library</a>. Please refer to their notes to any additional information. If user uses helper he should have permissions to run it.</p>
<h2><a href="#gui" class="anchor" name="gui"></a>Library security</h2>
<p>According to <a href="#arch">the scheme</a> library gets information from netctl and can control it. Also it provides some additional functions such as a profile creation and removal and access to wpa_supplicant functions. Some function does not require additional permissions, but other ones do it. All dynamic arguments including profile names and paths are in double quotes to avoid white spaces problem. The functions which requires root privileges are:</p>
<ul>
<li>Netctl control module</li>
<ul>
<li><code>netctl start|stop|restart|switch-to|enable|disable &lt;profile&gt;</code>. They are commands which provide a general control to netctl.</li>
<li><code>systemctl start|restart|enable &lt;netctl-auto@service&gt;</code>. They are commands which provide ability to control netctl-auto systemd service.</li>
</ul>
<li>Netctl profiles module</li>
<ul>
<li>Copying of a temporary profile from home directory to netctl profiles directory. <code>cp</code> command is used for it.</li>
<li>Removal of a profile. <code>rm</code> command is used for it.</li>
</ul>
<li>WiFi module</li>
<ul>
<li>This module require root privileges to start wpa_supplicant only. For the futher interaction user must be in <code>CTRL_GROUP</code>.</li>
</ul>
</ul>
<p></p>
<h2><a href="#links" class="anchor" name="links"></a>External links</h2>
<ul>
<li><a href="http://arcanis.name/projects/netctl-gui/">Homepage</a></li>
<li><a href="https://github.com/arcan1s/netctl-gui">Repository</a></li>
<li><a href="https://github.com/arcan1s/netctl-gui/issues">Bugtracker</a></li>
</ul>
<p align="center" style="font-size: 70%">
&copy; 2014-@CURRENT_YEAR@ <a href="mailto:@PROJECT_CONTACT@">@PROJECT_AUTHOR@</a><br>
This software is licensed under @PROJECT_LICENSE@
</p>
</body>
</html>

Binary file not shown.

View File

@ -21,6 +21,7 @@ file (RELATIVE_PATH SUBPROJECT_MAN ${CMAKE_SOURCE_DIR} ${SUBPROJECT_MAN_IN})
configure_file (${SUBPROJECT_MAN_IN} ${CMAKE_CURRENT_BINARY_DIR}/${SUBPROJECT_MAN})
install (FILES org.netctlgui.helper.conf DESTINATION ${DBUS_SYSTEMCONF_PATH})
install (FILES netctlgui-helper.conf DESTINATION /etc)
install (FILES netctlgui-helper.service DESTINATION ${SYSTEMD_SERVICE_PATH})
install (FILES ${CMAKE_CURRENT_BINARY_DIR}/${SUBPROJECT_MAN} DESTINATION share/man/man1/)
install (FILES bash-completions DESTINATION share/bash-completion/completions/ RENAME ${SUBPROJECT})
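Review bot: `install (FILES netctlgui-helper.conf DESTINATION /etc)` uses an absolute destination, which ignores `CMAKE_INSTALL_PREFIX` (`DESTDIR` still applies). That is deliberate here, since `updateConfiguration()` hardcodes `/etc/netctlgui-helper.conf`, but the two copies of the path will drift; expose it as a cache variable next to `DBUS_SYSTEMCONF_PATH` and `SYSTEMD_SERVICE_PATH` and pass it into the build as a define, so the install location and the read location cannot disagree. Because this file now decides which binaries a root helper executes, keep it root-owned and not group/world writable; the `install(FILES)` default mode of 644 is fine, just do not add a `PERMISSIONS` clause that loosens it.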

View File

@ -25,6 +25,7 @@ _netctlgui_helper_arglist=(
'--nodaemon'
'--replace'
'--restore'
'--system'
'-v'
'--version'
'-i'

View File

@ -22,6 +22,8 @@ do not run as daemon
force replace the existing session
.IP "--restore"
force restore the existing session
.IP "--system"
do not read user configuration
.IP "-v, --version"
show version and exit
.IP "-i, --info"
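Review bot: "do not read user configuration" under `.IP "--system"` should say which file is read instead, `/etc/netctlgui-helper.conf`, and that the shipped systemd unit passes this flag; from the man page alone a user cannot tell that `$HOME/.config/netctl-gui.conf` is ignored only with the flag and is otherwise layered over the system-wide file.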

View File

@ -0,0 +1,24 @@
CLOSETOTRAY=true
CLOSE_HELPER=false
CTRL_DIR=/run/wpa_supplicant_netctl-gui
CTRL_GROUP=users
FORCE_SUDO=false
HELPER_PATH=/usr/bin/netctlgui-helper
HELPER_SERVICE=netctlgui-helper.service
IFACE_DIR=/sys/class/net/
LANGUAGE=en
NETCTLAUTO_PATH=/usr/bin/netctl-auto
NETCTLAUTO_SERVICE=netctl-auto
NETCTL_PATH=/usr/bin/netctl
PID_FILE=/run/wpa_supplicant_netctl-gui.pid
PREFERED_IFACE=
PROFILE_DIR=/etc/netctl/
RFKILL_DIR=/sys/class/rfkill/
STARTTOTRAY=false
SUDO_PATH=/usr/bin/sudo
SYSTEMCTL_PATH=/usr/bin/systemctl
SYSTRAY=true
USE_HELPER=true
WPACLI_PATH=/usr/bin/wpa_cli
WPASUP_PATH=/usr/bin/wpa_supplicant
WPA_DRIVERS=nl80211,wext
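Review bot: `CTRL_GROUP=users` hands wpa_supplicant control-socket access (the security notes say further WiFi interaction only needs membership in `CTRL_GROUP`) to every account in `users`, which is wider than the `network` group the D-Bus policy requires for talking to the helper at all; default both to the same group so WiFi control is not reachable by accounts that cannot use the helper. `FORCE_SUDO=false` with `SUDO_PATH` still set is consistent with the notes (`sudo` is only used when `FORCE_SUDO=true`), but the GUI-only keys (`CLOSETOTRAY`, `STARTTOTRAY`, `SYSTRAY`, `CLOSE_HELPER`, `LANGUAGE`) in a file the root daemon reads are noise; drop them or mark them unused.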

View File

@ -3,7 +3,7 @@ Description=netctlgui-helper daemon
[Service]
Type=forking
ExecStart=/usr/bin/netctlgui-helper
ExecStart=/usr/bin/netctlgui-helper --system
[Install]
WantedBy=multi-user.target
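Review bot: the helper already has `--nodaemon` (it is in the help text and both completions), so the unit should run `ExecStart=/usr/bin/netctlgui-helper --system --nodaemon` with `Type=simple` instead of `Type=forking` with no `PIDFile=` in the `[Service]` section shown; as written systemd has to guess which forked child is the main process, and a failure after the fork is not reported as a failed start. Passing `--system` on `ExecStart` is the right place for it, since it is what makes the root daemon ignore `$HOME` configuration.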

View File

@ -67,6 +67,9 @@ int main(int argc, char *argv[])
} else if (QString(argv[i]) == QString("--restore")) {
// restore
args[QString("state")] = (int) 2;
} else if (QString(argv[i]) == QString("--system")) {
// system
args[QString("system")] = true;
} else if ((QString(argv[i]) == QString("-h")) || (QString(argv[i]) == QString("--help"))) {
// help message
args[QString("help")] = true;

View File

@ -38,6 +38,7 @@ QMap<QString, QVariant> getArgs()
args[QString("debug")] = false;
args[QString("nodaemon")] = false;
args[QString("state")] = (int) 0;
args[QString("system")] = false;
args[QString("help")] = false;
args[QString("info")] = false;
args[QString("version")] = false;
@ -64,6 +65,8 @@ QString helpMessage()
.arg(QCoreApplication::translate("NetctlHelper", "force replace the existing session"));
helpMessage += QString(" --restore - %1\n")
.arg(QCoreApplication::translate("NetctlHelper", "force restore the existing session"));
helpMessage += QString(" --system - %1\n")
.arg(QCoreApplication::translate("NetctlHelper", "do not read user configuration, system-wide only"));
helpMessage += QString(" %1\n").arg(QCoreApplication::translate("NetctlHelper", "Show messages:"));
helpMessage += QString(" -v, --version - %1\n")
.arg(QCoreApplication::translate("NetctlHelper", "show version and exit"));

View File

@ -33,7 +33,8 @@
NetctlHelper::NetctlHelper(QObject *parent, QMap<QString, QVariant> args)
: QObject(parent),
configPath(args[QString("config")].toString()),
debug(args[QString("debug")].toBool())
debug(args[QString("debug")].toBool()),
system(args[QString("system")].toBool())
{
updateConfiguration();
if (!args[QString("nodaemon")].toBool())
@ -136,12 +137,16 @@ QMap<QString, QString> NetctlHelper::getDefault()
}
QMap<QString, QString> NetctlHelper::getSettings()
QMap<QString, QString> NetctlHelper::getSettings(const QString file, const QMap<QString, QString> existing)
{
if (debug) qDebug() << "[NetctlHelper]" << "[getSettings]";
QMap<QString, QString> settings = getDefault();
QFile configFile(configPath);
QMap<QString, QString> settings;
if (existing.isEmpty())
settings = getDefault();
else
settings = existing;
QFile configFile(file);
QString fileStr;
if (!configFile.open(QIODevice::ReadOnly))
return settings;
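Review bot: using `existing.isEmpty()` as the signal to fall back to `getDefault()` conflates "no overrides yet" with "start from defaults"; have `updateConfiguration()` pass `getDefault()` explicitly and drop the branch, so `getSettings(file, base)` always means "read `file` over `base`". Two smaller points: `const QString file` is passed by value (use `const QString &file`), and when `configFile.open(QIODevice::ReadOnly)` fails the function returns silently, so a missing or unreadable `/etc/netctlgui-helper.conf` leaves the root daemon on built-in defaults without a line in the log; at least `qWarning()` the path there instead of only the `debug` trace at entry.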
@ -168,7 +173,9 @@ void NetctlHelper::updateConfiguration()
if (debug) qDebug() << "[NetctlHelper]" << "[updateConfiguration]";
deleteInterface();
configuration = getSettings();
configuration = getSettings(QString("/etc/netctlgui-helper.conf"));
if (!system)
configuration = getSettings(configPath, configuration);
createInterface();
}
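Review bot: the user-file merge `if (!system) configuration = getSettings(configPath, configuration);` is gated only by the command-line flag, so nothing stops the SUID variant the docs describe (`netctlgui-helper-suid`, runnable by a normal user) from reading a caller-controlled `configPath` (the `config` argument) with root privileges, and that file can override `SUDO_PATH`, `NETCTL_PATH`, `SYSTEMCTL_PATH`, `WPASUP_PATH` and `WPACLI_PATH`, i.e. which binaries the helper executes. Treat elevated privileges as implying `--system`: skip the user file when `geteuid() == 0` (or at least when `getuid() != geteuid()`) rather than relying on every launcher to pass the flag. Reading the system-wide file first and layering the user file over it is otherwise the right order.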

View File

@ -41,10 +41,12 @@ private:
QString configPath;
QMap<QString, QString> configuration;
bool debug;
bool system;
void createInterface();
void deleteInterface();
QMap<QString, QString> getDefault();
QMap<QString, QString> getSettings();
QMap<QString, QString> getSettings(const QString file,
const QMap<QString, QString> existing = QMap<QString, QString>());
};
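Review bot: a member named `system` shadows the C library `system(3)` inside every `NetctlHelper` method (`<cstdlib>` comes in through the Qt headers in practice), so a later `system("...")` call in this class would bind to the `bool` and fail to compile with a confusing error; name it `systemOnly` or `ignoreUserConfig` to match what it does. The default argument on `getSettings(const QString file, const QMap<QString, QString> existing = QMap<QString, QString>())` is what forces the empty-map sentinel in the implementation; making the second parameter required (and taking both by `const &`) is the cleaner fix.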

View File

@ -24,6 +24,7 @@ _netctlgui_helper_arglist=(
{'--nodaemon','--nodaemon'}'[do not start as daemon]'
{'--replace','--replace'}'[force replace the existing session]'
{'--restore','--restore'}'[force restore the existing session]'
{'--system','--system'}'[do not read user configuration]'
{'(--version)-v','(-v)--version'}'[show version and exit]'
{'(--info)-i','(-i)--info'}'[show build information and exit]'
{'(--help)-h','(-h)--help'}'[show help and exit]'