GNOME Bugzilla – Bug 760210
dropping privileges in NM, sandboxing
Last modified: 2020-11-12 14:31:27 UTC
This is a tracker bug for hardening NM more.

1) dropping more privileges

./data/NetworkManager.service already contains:

CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL
ProtectSystem=true
ProtectHome=read-only

Still, I think we would be well advised to restrict NM more. First of all, maybe we should also set the same capabilities from NM itself. Lubomir said it is the job of the service manager to do that. I agree, but in *addition* it seems worthwhile that NM itself drops capabilities too. Reason:
- support for non-systemd systems
- I often start NM on the command line for debugging. I want this feature then too.

2) we do now pretty dangerous stuff in NM core process itself:
- systemd dhcp implementation
- libndp
- lndp(?)

I think we should fork processes (with reduced privileges) to perform these tasks.

3) see how to sandbox/harden VPN plugins

4) other? pppd?
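Point 1) above asks that NM drop capabilities itself, for non-systemd systems and for runs from the command line. As an added example (my code, not NetworkManager's and not part of this report), the C routine below shrinks the process's own capability bounding set to exactly the set the unit file lists; the nm_ names are my own, and the permitted/effective sets of the running process would still have to be lowered separately with capset(2).

```c
#include <errno.h>
#include <linux/capability.h>
#include <stdio.h>
#include <sys/prctl.h>

/* The capabilities NetworkManager.service keeps in CapabilityBoundingSet= */
static const int nm_keep[] = {
    CAP_NET_ADMIN, CAP_DAC_OVERRIDE, CAP_NET_RAW, CAP_NET_BIND_SERVICE,
    CAP_SETGID, CAP_SETUID, CAP_SYS_MODULE, CAP_AUDIT_WRITE, CAP_KILL,
};

/* Bitmask of the kept capabilities: bit n set means capability n stays. */
unsigned long long nm_keep_mask(void)
{
    unsigned long long mask = 0;
    for (size_t i = 0; i < sizeof nm_keep / sizeof nm_keep[0]; i++)
        mask |= 1ULL << nm_keep[i];
    return mask;
}

/* 1 if capability number cap is in the keep set, 0 otherwise. */
int nm_cap_kept(int cap)
{
    return (cap >= 0 && cap < 64 && ((nm_keep_mask() >> cap) & 1ULL)) ? 1 : 0;
}

/* Remove every capability outside the keep set from the bounding set, so a
 * later execve() can never regain it.  Returns the number dropped or -errno;
 * PR_CAPBSET_DROP needs CAP_SETPCAP, so an unprivileged run gets -EPERM. */
int nm_drop_bounding_set(void)
{
    int dropped = 0;
    for (int cap = 0;; cap++) {
        int present = prctl(PR_CAPBSET_READ, cap, 0, 0, 0);
        if (present < 0)   /* EINVAL: past the kernel's last capability */
            return errno == EINVAL ? dropped : -errno;
        if (!present || nm_cap_kept(cap))
            continue;
        if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) < 0)
            return -errno;
        dropped++;
    }
}

int main(void)
{
    int r = nm_drop_bounding_set();
    printf("%s: dropped %d, keep mask 0x%llx\n", r < 0 ? "failed" : "ok", r, nm_keep_mask());
    return r < 0;
}
```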
bugzilla.gnome.org is being shut down in favor of a GitLab instance. We are closing all old bug reports and feature requests in GNOME Bugzilla which have not seen updates for a long time. If you still use NetworkManager and if you still see this bug / want this feature in a recent and supported version of NetworkManager, then please feel free to report it at https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/ Thank you for creating this report and we are sorry it could not be implemented (workforce and time is unfortunately limited).