Jan Grulich
2015-11-12 15:14:10 UTC
I still do not get the reason for this. If a connection is of type system then NetworkManager will store its secrets (in plain text in most cases), that is a security risk and there will be no kwallet involved. Even if you uncheck "All users may connect to this network" and selects all users (is that what you want?), that also means any user will be able to read the password.
NM doesn't work that way, if you allow to a connection to be available for all users and set the password as agent-owned, then NM won't store it in its storage in plain text, it will just make the connection available/visible for everyone, but once someone else try to active it, NM will prompt for a password.The reason for this is, when you run LiveCD and create connection as system connection, it will be created in /etc/NetworkManager/system-connections and should be copied during installation from the LiveCD and later available on the newly installed system (just the password will be missing if it's stored into KWallet for liveuser). There shouldn't be any security risk because I changed how plasma-nm chooses password storage in Plasma 5.5 and it no longer depends on whether the connection is available for everyone or not.
- Jan
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/126041/#review88294
-----------------------------------------------------------
-----------------------------------------------------------
https://git.reviewboard.kde.org/r/126041/
-----------------------------------------------------------
(Updated Lis. 12, 2015, 11 dop.)
Review request for Network Management and Lamarque Souza.
Repository: plasma-nm
Description
-------
See summary, nm-connection-editor also have this by default. Reason for this are LiveCDs, where when you create system connections then they should be also in the installed system. Making all connections available for all also shouldn't be a problem due to security reasons because passwords are still saved into KWallet by default just for one user.
Diffs
-----
libs/editor/connectiondetaileditor.cpp 7370bbb
libs/editor/settings/ui/connectionwidget.ui 3111b54
libs/handler.cpp 20db520
Diff: https://git.reviewboard.kde.org/r/126041/diff/
Testing
-------
Thanks,
Jan Grulich
https://git.reviewboard.kde.org/r/126041/
-----------------------------------------------------------
(Updated Lis. 12, 2015, 11 dop.)
Review request for Network Management and Lamarque Souza.
Repository: plasma-nm
Description
-------
See summary, nm-connection-editor also have this by default. Reason for this are LiveCDs, where when you create system connections then they should be also in the installed system. Making all connections available for all also shouldn't be a problem due to security reasons because passwords are still saved into KWallet by default just for one user.
Diffs
-----
libs/editor/connectiondetaileditor.cpp 7370bbb
libs/editor/settings/ui/connectionwidget.ui 3111b54
libs/handler.cpp 20db520
Diff: https://git.reviewboard.kde.org/r/126041/diff/
Testing
-------
Thanks,
Jan Grulich