Ubuntu
network-manager-pptp package

backout change introduced for bug 343270 to prevent breach of security

Bug #364356 reported by Alexander Sack
24
This bug affects 3 people
Affects Status Importance Assigned to Milestone
network-manager-pptp (Ubuntu)
Fix Released
High
Alexander Sack

Bug Description

Binary package hint: network-manager-pptp

bug 343270 added a at_console rule to udev, which shouldn't be needed as both parts communicating there are uid=0 (as you can see in the error pasted there); bug 343270 isn't reproducible with default conf files shipped, so the change is not-needed and breaches security as with that all users with local access to the console will be able to do mess with the nm vpn dbus service.

Revision history for this message
Alexander Sack (asac) wrote :

bzr commit -m 'RELEASE 0.7.1~rc4.20090316+bzr23-0ubuntu3 to ubuntu/jaunty
* backout permission patch which isn't needed as root is already allowed
  to do this. The user from LP: #343270 probably had touched some NetworkManager
  dbus policy files and hence didn't have the the latest installed. (LP: #364356)
  - remove patches/lp343270_dbus-permissions.patch
* add Vcs-Bzr: header to debian/control' --fixes 'lp:343270' --fixes 'lp:364356'
Committing to: bzr+ssh://bazaar.launchpad.net/~network-manager/network-manager/pptp-ubuntu.0.7.1/
modified changelog
modified control
deleted patches/lp343270_dbus-permissions.patch
Committed revision 10.

Changed in network-manager-pptp (Ubuntu):
assignee: nobody → Alexander Sack (asac)
importance: Undecided → High
status: New → Fix Committed
Revision history for this message
Alexander Sack (asac) wrote :

patch that backs out bug 343270

Revision history for this message
Alexander Sack (asac) wrote :

uploaded network-manager-pptp_0.7.1~rc4.20090316+bzr23-0ubuntu3_source.changes to ubuntu/jaunty

Revision history for this message
Luca Falavigna (dktrkranz) wrote :

Fine for me.

Revision history for this message
Iulian Udrea (iulian) wrote :

Ack #2. Please go ahead.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package network-manager-pptp - 0.7.1~rc4.20090316+bzr23-0ubuntu3

---------------
network-manager-pptp (0.7.1~rc4.20090316+bzr23-0ubuntu3) jaunty; urgency=low

  * backout permission patch which isn't needed as root is already allowed
    to do this. The user from LP: #343270 probably had touched some NetworkManager
    dbus policy files and hence didn't have the the latest installed. (LP: #364356)
    - remove patches/lp343270_dbus-permissions.patch
  * add Vcs-Bzr: header to debian/control

 -- Alexander Sack <email address hidden> Tue, 21 Apr 2009 00:40:52 +0200

Changed in network-manager-pptp (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
MattJ (railmeat) wrote :

I don't think this is fixed. At least I cannot connect via PPTP.

uname -a
Linux MJT61PLin904 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009 i686 GNU/Linux

mattj@MJT61PLin904:~$ dpkg -s network-manager-pptp
Package: network-manager-pptp
Status: install ok installed
Priority: optional
Section: net
Installed-Size: 980
Maintainer: Ubuntu MOTU Developers <email address hidden>
Architecture: i386
Version: 0.7.1~rc4.20090316+bzr23-0ubuntu3
Depends: pptp-linux, ppp (>= 2.4.5~git), libatk1.0-0 (>= 1.20.0), libc6 (>= 2.3.6-6~), libcairo2 (>= 1.2.4), libdbus-1-3 (>= 1.0.2), libdbus-glib-1-2 (>= 0.78), libfontconfig1 (>= 2.4.0), libfreetype6 (>= 2.2.1), libgconf2-4 (>= 2.13.5), libglade2-0 (>= 1:2.6.1), libglib2.0-0 (>= 2.18.0), libgnome-keyring0 (>= 2.25.90), libgtk2.0-0 (>= 2.16.0), libnm-glib0 (>= 0.7.1~20090213+gitf142e15), libnm-util1 (>= 0.7.1~20090213+gitf142e15), libpango1.0-0 (>= 1.14.0), libxml2 (>= 2.6.27), zlib1g (>= 1:1.1.4)

I get This in syslog:

May 14 21:12:46 MJT61PLin904 NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.pptp' just appeared, activating connections
May 14 21:12:46 MJT61PLin904 NetworkManager: nm-vpn-connection.c.900: NeedSecrets failed: dbus-glib-error-quark Rejected send message, 1 matched rules; type="method_call", sender=":1.8" (uid=0 pid=2898 comm="/usr/sbin/NetworkManager --pid-file /var/run/Netwo") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="NeedSecrets" error name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.pptp" (uid=0 pid=5697 comm="/usr/lib/network-manager-pptp/nm-pptp-service "))
May 14 21:12:46 MJT61PLin904 NetworkManager: <WARN> connection_state_changed(): Rejected send message, 1 matched rules; type="method_call", sender=":1.8" (uid=0 pid=2898 comm="/usr/sbin/NetworkManager --pid-file /var/run/Netwo") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="Disconnect" error name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.pptp" (uid=0 pid=5697 comm="/usr/lib/network-manager-pptp/nm-pptp-service "))

Isn't this what this bug was supposed to fix? Is there something else I need to do, in addition to updating Network Manager pptp?

Revision history for this message
Ge-org Brohammer (administrator-newadventure) wrote :
Download full text (3.7 KiB)

I think I have the same bug but with openvpn.

ge-org@ge-org-laptop:~$ dpkg -s network-manager-openvpn
Package: network-manager-openvpn
Status: install ok installed
Priority: optional
Section: universe/net
Installed-Size: 1116
Maintainer: Ubuntu MOTU Developers <email address hidden>
Architecture: amd64
Version: 0.7.1~rc4.1.20090323+bzr27-0ubuntu2
Depends: libatk1.0-0 (>= 1.20.0), libc6 (>= 2.4), libcairo2 (>= 1.2.4), libdbus-1-3 (>= 1.0.2), libdbus-glib-1-2 (>= 0.78), libfontconfig1 (>= 2.4.0), libfreetype6 (>= 2.2.1), libgconf2-4 (>= 2.13.5), libglade2-0 (>= 1:2.6.1), libglib2.0-0 (>= 2.18.0), libgnome-keyring0 (>= 2.25.90), libgtk2.0-0 (>= 2.16.0), libnm-glib0 (>= 0.7.1~20090213+gitf142e15), libnm-util1 (>= 0.7.1~20090213+gitf142e15), libpango1.0-0 (>= 1.14.0), libxml2 (>= 2.6.27), zlib1g (>= 1:1.1.4), openvpn
Conffiles:
 /etc/dbus-1/system.d/nm-openvpn-service.conf e7ccbdcde9fad814c0ae435f71a7815f
 /etc/NetworkManager/VPN/nm-openvpn-service.name 5ce4e99c47e6c892de0a4320821e421b
Description: network management framework (OpenVPN plugin)
 NetworkManager attempts to keep an active network connection available at
 all times. It is intended primarily for laptops where it allows easy
 switching betwen local wireless networks, it's also useful on desktops
 with a selection of different interfaces to use. It is not intended for
 usage on servers.
 .
 This package provides a VPN plugin for OpenVPN.
Original-Maintainer: Soren Hansen <email address hidden>

Syslog:

May 26 13:50:59 ge-org-laptop NetworkManager: <info> Policy set 'MTN' (ppp0) as default for routing and DNS.
May 26 13:51:12 ge-org-laptop NetworkManager: <debug> [1243338672.005394] ensure_killed(): waiting for vpn service pid 14856 to exit
May 26 13:51:12 ge-org-laptop NetworkManager: <debug> [1243338672.005826] ensure_killed(): vpn service pid 14856 cleaned up
May 26 13:51:30 ge-org-laptop NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.openvpn'...
May 26 13:51:30 ge-org-laptop NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 14923
May 26 13:51:30 ge-org-laptop NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections
May 26 13:51:30 ge-org-laptop NetworkManager: nm-vpn-connection.c.900: NeedSecrets failed: dbus-glib-error-quark Rejected send message, 1 matched rules; type="method_call", sender=":1.7" (uid=0 pid=4688 comm="/usr/sbin/NetworkManager --pid-file /var/run/Netwo") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="NeedSecrets" error name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.openvpn" (uid=0 pid=14923 comm="/usr/lib/network-manager-openvpn/nm-openvpn-servic"))
May 26 13:51:30 ge-org-laptop NetworkManager: <WARN> connection_state_changed(): Rejected send message, 1 matched rules; type="method_call", sender=":1.7" (uid=0 pid=4688 comm="/usr/sbin/NetworkManager --pid-file /var/run/Netwo") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="Disconnect" error name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.openvpn" (ui...

Read more...

Revision history for this message
Oleksandr (retif) wrote :

jaunty and network-manager-pptp_0.7.1~rc4.20090316+bzr23-0ubuntu3_i386.deb

i have the same NeedSecrets failed

Jun 8 23:31:12 shedar NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.pptp'...

Jun 8 23:31:12 shedar NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.pptp' started (org.freedesktop.NetworkManager.pptp), PID 4298

Jun 8 23:31:12 shedar NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.pptp' just appeared, activating connections

Jun 8 23:31:12 shedar NetworkManager: nm-vpn-connection.c.900: NeedSecrets failed: dbus-glib-error-quark Rejected send message, 1 matched rules; type="method_call",

sender=":1.7" (uid=0 pid=2464 comm="/usr/sbin/NetworkManager --pid-file /var/run/Netwo") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="NeedSecrets"

error name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.pptp" (uid=0 pid=4298 comm="/usr/lib/network-manager-pptp/nm-pptp-service "))

Jun 8 23:31:12 shedar NetworkManager: <WARN> connection_state_changed(): Rejected send message, 1 matched rules; type="method_call", sender=":1.7" (uid=0 pid=2464

comm="/usr/sbin/NetworkManager --pid-file /var/run/Netwo") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="Disconnect" error name="(unset)"

requested_reply=0 destination="org.freedesktop.NetworkManager.pptp" (uid=0 pid=4298 comm="/usr/lib/network-manager-pptp/nm-pptp-service "))

Jun 8 23:31:12 shedar NetworkManager: <info> Policy set 'Wired connection 1' (eth0) as default for routing and DNS.

Jun 8 23:31:25 shedar NetworkManager: <debug> [1244493085.002173] ensure_killed(): waiting for vpn service pid 4298 to exit

Jun 8 23:31:25 shedar NetworkManager: <debug> [1244493085.002307] ensure_killed(): vpn service pid 4298 cleaned up

Revision history for this message
Oleksandr (retif) wrote :

NetworkManager restart helps

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.