GNOME Bugzilla – Bug 84315
Gnome-session could set http_proxy in environment
Last modified: 2007-01-06 14:58:19 UTC
In gnome2 it is possible to set the location of the network HTTP proxy. It would be useful if gnome-session could set the environment variable http_proxy (and other related ones) to the value given, so that it may be picked up by non-gnome applications run from within the session (e.g. Lynx or wget run from a gnome-terminal).
Is this really GNOME's job? Personally I think not.
Hmm, I meant to close this. I agree, this isn't something GNOME should be doing.
*** Bug 148421 has been marked as a duplicate of this bug. ***
I don't understand why gnome should not do this. For people who use their laptop in different places with different settings, it would be very helpful if I just had to change the proxy settings in just one place.
It's worth considering this a bit more, I think. gnome-terminal (see bug #321952) does this, but it would make more sense in gnome-session.
Created attachment 72321: gnome-session-http-proxy.patch
Here's a fairly untested patch to implement this.
This patch is shipping in FC6, fwiw. While I'm a bit skeptical about whether this is best done in gnome-session, I also don't think it will cause big problems. I suppose we'd have to rethink if there were a large number of variables we'd want to handle this way, or if we ran into some unforeseen failure mode. Meanwhile I don't see any reason to keep this out.
See: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212319 for one bug. Ray: if you move the code into gsm-proxy.[ch], fix the bug above, then I think it's good to commit to HEAD (I'd prefer the notify handler to not re-read all the keys, but it's not a big deal)
Created attachment 75483: move code to gsm-proxy.[ch]
I committed the above patch which has the changes you mentioned. I didn't change the way the notify handler reads its keys, because the gconf client apis already do caching of values in watched gconf directories.
2006-10-26  Ray Strode  <rstrode@redhat.com>
    Set http_proxy environment variable based on GNOME settings for legacy apps (bug 84315).
    * Makefile.am: add gsm-proxy.c and gsm-proxy.h
    * gsm-proxy.[ch] (gsm_set_up_legacy_proxy_environment): new file to contain function for monitoring GNOME proxy settings.
    * headers.h: add #defines for gconf keys to proxy settings
    (edit_session_name): Connect to entry's activate signal.
    * main.c (main): call gsm_set_up_legacy_proxy_environment
A couple of problems:
a) Did anyone at all consider the security implications of this? This moves a user's (possibly SSO) password out of the gconf database right into their environment. This may seem like not such a big deal since the password is accessible in the gconf database for anyone sitting down at somebody else's workstation, but the gconf database is not usually a part of automated bug report data gathering. Frequently the user's environment is. So users will be sending their proxy and/or whole network SSO credentials in bug reports to public bug tracking systems.
b) The implementation is wrong:
    http_proxy = g_strdup_printf ("http://%s%s%s%s%s:%d",
                                  user_name != NULL? user_name : "",
                                  user_name != NULL && password != NULL? "@" : "",
                                  user_name != NULL && password != NULL? password : "",
                                  user_name != NULL? ":" : "",
                                  host, port);
The format is http://user_name:password@host:port, not http://user_name@password:host:port. Did anyone test or even review this code before committing it? It simply could not have worked -- unless the proxy server it was tested against is/was broken.
Can we please pay attention to item (a) though before working on (b)? This is a serious security issue.
Created attachment 77190: committed change that swaps @ and : in http_proxy variable
So that's pretty embarrassing. I should have spent more time testing the patch before committing it; sorry about that. As far as the security concerns go I would say that storing the password in GConf is on the same level as storing it in the environment. If the http proxy password is something that can be considered security-sensitive, then we should be keeping it in the default keyring and shouldn't be setting http_proxy if use_authentication is set.
Created attachment 77193: don't set http_proxy if user's proxy requires authentication
I've committed the above, which just disables the feature in the authenticated proxy case. There are already other cases where we don't set the variable (like proxy auto configuration), so I think it's probably okay not to set it in this case either.
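Added illustration, not part of the bug thread and not gnome-session's code: a plain C sketch of the policy described in the comment above (export http_proxy only when the proxy needs no authentication) together with a scrubber for the bug-report leak raised earlier in the thread. The function names, host name and credentials are hypothetical and constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Build the value for http_proxy from desktop proxy settings.
 * Returns 1 and fills buf when a value should be exported; returns 0
 * when the variable should stay unset (no host, bad port, proxy needs
 * authentication, or buffer too small). No credentials are ever written. */
int build_http_proxy(const char *host, int port, int use_authentication,
                     char *buf, size_t len)
{
    if (host == NULL || host[0] == '\0' || port <= 0 || port > 65535)
        return 0;
    if (use_authentication)
        return 0;                 /* policy from the thread: do not export */
    int n = snprintf(buf, len, "http://%s:%d", host, port);
    return n > 0 && (size_t)n < len;
}

/* Copy a well-formed proxy URL into out, replacing any "user:password"
 * userinfo with "REDACTED", e.g. before an environment dump is attached
 * to a bug report. Returns 1 if userinfo was found and replaced. */
int redact_proxy_userinfo(const char *url, char *out, size_t len)
{
    const char *sep = strstr(url, "://");
    const char *auth = sep ? sep + 3 : url;      /* start of authority */
    size_t auth_len = strcspn(auth, "/?#");      /* authority ends here */
    const char *at = NULL;
    for (size_t i = 0; i < auth_len; i++)
        if (auth[i] == '@')
            at = auth + i;                       /* last '@' ends userinfo */
    if (at == NULL) {
        snprintf(out, len, "%s", url);
        return 0;
    }
    snprintf(out, len, "%.*sREDACTED%s", (int)(auth - url), url, at);
    return 1;
}

int main(void)
{
    char buf[128], out[128];
    /* Constructed sample settings and a constructed leaked value. */
    if (build_http_proxy("proxy.example.test", 3128, 0, buf, sizeof buf))
        printf("export http_proxy=%s\n", buf);
    if (!build_http_proxy("proxy.example.test", 3128, 1, buf, sizeof buf))
        printf("authenticated proxy: http_proxy left unset\n");
    redact_proxy_userinfo("http://alice:s3cret@proxy.example.test:3128/",
                          out, sizeof out);
    printf("for bug report: http_proxy=%s\n", out);
    return 0;
}
```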
I've filed bug 379687 to address the proxy-password-getting-stored-gconf problem.
(In reply to comment #12)
> Created an attachment (id=77193)
> don't set http_proxy if user's proxy requires authentication
>
> I've committed the above, which just disables the feature in the authenticated
> proxy case.
In what version of gnome-session should this (have) show(ed) up? I am running 2.17.3 and I am still seeing my username/password in the http_proxy variable in my environment.