backout change introduced for bug 343270 to prevent breach of security

Bug #364356 reported by Alexander Sack
This bug affects 3 people

Affects: network-manager-pptp (Ubuntu)
Status: Fix Released
Importance: High
Assigned to: Alexander Sack
Milestone: (none)

Bug Description

Binary package hint: network-manager-pptp

bug 343270 added an at_console rule to udev, which shouldn't be needed as both parts communicating there are uid=0 (as you can see in the error pasted there); bug 343270 isn't reproducible with the default conf files shipped, so the change is not needed and breaches security, as with it all users with local access to the console will be able to mess with the nm vpn dbus service.
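
An added example, not part of the report or of the package: a small audit of a D-Bus policy file that lists every allow rule granted to anyone other than root, which is the kind of grant an at_console rule on the VPN service introduces. The policy fragments are constructed for illustration (the removed patch is not shown on this page), and `wrap` and `audit_policy` are hypothetical names.

```python
import xml.etree.ElementTree as ET

SERVICE = "org.freedesktop.NetworkManager.pptp"  # bus name as it appears in the syslog lines on this page

# Constructed policy fragments; the removed patch itself is not shown on this page.
ROOT_ONLY = f"""
  <policy user="root">
    <allow own="{SERVICE}"/>
    <allow send_destination="{SERVICE}"/>
  </policy>
  <policy context="default">
    <deny own="{SERVICE}"/>
    <deny send_destination="{SERVICE}"/>
  </policy>"""
# dbus-daemon applies at_console policies after context="default",
# so this allow overrides the default deny for console users.
AT_CONSOLE = f"""
  <policy at_console="true">
    <allow send_destination="{SERVICE}"/>
  </policy>"""


def wrap(body):
    """Wrap policy fragments in the <busconfig> root element."""
    return f"<busconfig>{body}\n</busconfig>"


def audit_policy(xml_text):
    """List allow rules granted to anyone other than uid 0."""
    findings = []
    for policy in ET.fromstring(xml_text).iter("policy"):
        if policy.get("user") == "root":
            continue  # root-to-root is the only pair the report says is needed
        scope = " ".join(f'{k}="{v}"' for k, v in sorted(policy.attrib.items()))
        for rule in policy.findall("allow"):
            for attr, value in sorted(rule.attrib.items()):
                if attr in ("own", "send_destination", "send_interface"):
                    findings.append((scope, attr, value))
    return findings


if __name__ == "__main__":
    for name, text in (("with at_console rule", wrap(ROOT_ONLY + AT_CONSOLE)),
                       ("after backout", wrap(ROOT_ONLY))):
        print(name, "->", audit_policy(text) or "no non-root allow rules")
```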

Revision history for this message
Alexander Sack (asac) wrote :

bzr commit -m 'RELEASE 0.7.1~rc4.20090316+bzr23-0ubuntu3 to ubuntu/jaunty
* backout permission patch which isn't needed as root is already allowed
  to do this. The user from LP: #343270 probably had touched some NetworkManager
  dbus policy files and hence didn't have the the latest installed. (LP: #364356)
  - remove patches/lp343270_dbus-permissions.patch
* add Vcs-Bzr: header to debian/control' --fixes 'lp:343270' --fixes 'lp:364356'
Committing to: bzr+ssh://bazaar.launchpad.net/~network-manager/network-manager/pptp-ubuntu.0.7.1/
modified changelog
modified control
deleted patches/lp343270_dbus-permissions.patch
Committed revision 10.

Changed in network-manager-pptp (Ubuntu):
assignee: nobody → Alexander Sack (asac)
importance: Undecided → High
status: New → Fix Committed
Alexander Sack (asac) wrote :

patch that backs out bug 343270

Alexander Sack (asac) wrote :

uploaded network-manager-pptp_0.7.1~rc4.20090316+bzr23-0ubuntu3_source.changes to ubuntu/jaunty

Luca Falavigna (dktrkranz) wrote :

Fine for me.

Iulian Udrea (iulian) wrote :

Ack #2. Please go ahead.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package network-manager-pptp - 0.7.1~rc4.20090316+bzr23-0ubuntu3

---------------
network-manager-pptp (0.7.1~rc4.20090316+bzr23-0ubuntu3) jaunty; urgency=low

  * backout permission patch which isn't needed as root is already allowed
    to do this. The user from LP: #343270 probably had touched some NetworkManager
    dbus policy files and hence didn't have the the latest installed. (LP: #364356)
    - remove patches/lp343270_dbus-permissions.patch
  * add Vcs-Bzr: header to debian/control

 -- Alexander Sack <email address hidden> Tue, 21 Apr 2009 00:40:52 +0200

Changed in network-manager-pptp (Ubuntu):
status: Fix Committed → Fix Released
MattJ (railmeat) wrote :

I don't think this is fixed. At least I cannot connect via PPTP.

uname -a
Linux MJT61PLin904 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009 i686 GNU/Linux

mattj@MJT61PLin904:~$ dpkg -s network-manager-pptp
Package: network-manager-pptp
Status: install ok installed
Priority: optional
Section: net
Installed-Size: 980
Maintainer: Ubuntu MOTU Developers <email address hidden>
Architecture: i386
Version: 0.7.1~rc4.20090316+bzr23-0ubuntu3
Depends: pptp-linux, ppp (>= 2.4.5~git), libatk1.0-0 (>= 1.20.0), libc6 (>= 2.3.6-6~), libcairo2 (>= 1.2.4), libdbus-1-3 (>= 1.0.2), libdbus-glib-1-2 (>= 0.78), libfontconfig1 (>= 2.4.0), libfreetype6 (>= 2.2.1), libgconf2-4 (>= 2.13.5), libglade2-0 (>= 1:2.6.1), libglib2.0-0 (>= 2.18.0), libgnome-keyring0 (>= 2.25.90), libgtk2.0-0 (>= 2.16.0), libnm-glib0 (>= 0.7.1~20090213+gitf142e15), libnm-util1 (>= 0.7.1~20090213+gitf142e15), libpango1.0-0 (>= 1.14.0), libxml2 (>= 2.6.27), zlib1g (>= 1:1.1.4)

I get this in syslog:

May 14 21:12:46 MJT61PLin904 NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.pptp' just appeared, activating connections
May 14 21:12:46 MJT61PLin904 NetworkManager: nm-vpn-connection.c.900: NeedSecrets failed: dbus-glib-error-quark Rejected send message, 1 matched rules; type="method_call", sender=":1.8" (uid=0 pid=2898 comm="/usr/sbin/NetworkManager --pid-file /var/run/Netwo") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="NeedSecrets" error name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.pptp" (uid=0 pid=5697 comm="/usr/lib/network-manager-pptp/nm-pptp-service "))
May 14 21:12:46 MJT61PLin904 NetworkManager: <WARN> connection_state_changed(): Rejected send message, 1 matched rules; type="method_call", sender=":1.8" (uid=0 pid=2898 comm="/usr/sbin/NetworkManager --pid-file /var/run/Netwo") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="Disconnect" error name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.pptp" (uid=0 pid=5697 comm="/usr/lib/network-manager-pptp/nm-pptp-service "))

Isn't this what this bug was supposed to fix? Is there something else I need to do, in addition to updating Network Manager pptp?

Ge-org Brohammer (administrator-newadventure) wrote :

I think I have the same bug but with openvpn.

ge-org@ge-org-laptop:~$ dpkg -s network-manager-openvpn
Package: network-manager-openvpn
Status: install ok installed
Priority: optional
Section: universe/net
Installed-Size: 1116
Maintainer: Ubuntu MOTU Developers <email address hidden>
Architecture: amd64
Version: 0.7.1~rc4.1.20090323+bzr27-0ubuntu2
Depends: libatk1.0-0 (>= 1.20.0), libc6 (>= 2.4), libcairo2 (>= 1.2.4), libdbus-1-3 (>= 1.0.2), libdbus-glib-1-2 (>= 0.78), libfontconfig1 (>= 2.4.0), libfreetype6 (>= 2.2.1), libgconf2-4 (>= 2.13.5), libglade2-0 (>= 1:2.6.1), libglib2.0-0 (>= 2.18.0), libgnome-keyring0 (>= 2.25.90), libgtk2.0-0 (>= 2.16.0), libnm-glib0 (>= 0.7.1~20090213+gitf142e15), libnm-util1 (>= 0.7.1~20090213+gitf142e15), libpango1.0-0 (>= 1.14.0), libxml2 (>= 2.6.27), zlib1g (>= 1:1.1.4), openvpn
Conffiles:
 /etc/dbus-1/system.d/nm-openvpn-service.conf e7ccbdcde9fad814c0ae435f71a7815f
 /etc/NetworkManager/VPN/nm-openvpn-service.name 5ce4e99c47e6c892de0a4320821e421b
Description: network management framework (OpenVPN plugin)
 NetworkManager attempts to keep an active network connection available at
 all times. It is intended primarily for laptops where it allows easy
 switching betwen local wireless networks, it's also useful on desktops
 with a selection of different interfaces to use. It is not intended for
 usage on servers.
 .
 This package provides a VPN plugin for OpenVPN.
Original-Maintainer: Soren Hansen <email address hidden>

Syslog:

May 26 13:50:59 ge-org-laptop NetworkManager: <info> Policy set 'MTN' (ppp0) as default for routing and DNS.
May 26 13:51:12 ge-org-laptop NetworkManager: <debug> [1243338672.005394] ensure_killed(): waiting for vpn service pid 14856 to exit
May 26 13:51:12 ge-org-laptop NetworkManager: <debug> [1243338672.005826] ensure_killed(): vpn service pid 14856 cleaned up
May 26 13:51:30 ge-org-laptop NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.openvpn'...
May 26 13:51:30 ge-org-laptop NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 14923
May 26 13:51:30 ge-org-laptop NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections
May 26 13:51:30 ge-org-laptop NetworkManager: nm-vpn-connection.c.900: NeedSecrets failed: dbus-glib-error-quark Rejected send message, 1 matched rules; type="method_call", sender=":1.7" (uid=0 pid=4688 comm="/usr/sbin/NetworkManager --pid-file /var/run/Netwo") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="NeedSecrets" error name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.openvpn" (uid=0 pid=14923 comm="/usr/lib/network-manager-openvpn/nm-openvpn-servic"))
May 26 13:51:30 ge-org-laptop NetworkManager: <WARN> connection_state_changed(): Rejected send message, 1 matched rules; type="method_call", sender=":1.7" (uid=0 pid=4688 comm="/usr/sbin/NetworkManager --pid-file /var/run/Netwo") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="Disconnect" error name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.openvpn" (ui...


Oleksandr (retif) wrote :

jaunty and network-manager-pptp_0.7.1~rc4.20090316+bzr23-0ubuntu3_i386.deb

I have the same NeedSecrets failed

Jun 8 23:31:12 shedar NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.pptp'...
Jun 8 23:31:12 shedar NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.pptp' started (org.freedesktop.NetworkManager.pptp), PID 4298
Jun 8 23:31:12 shedar NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.pptp' just appeared, activating connections
Jun 8 23:31:12 shedar NetworkManager: nm-vpn-connection.c.900: NeedSecrets failed: dbus-glib-error-quark Rejected send message, 1 matched rules; type="method_call", sender=":1.7" (uid=0 pid=2464 comm="/usr/sbin/NetworkManager --pid-file /var/run/Netwo") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="NeedSecrets" error name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.pptp" (uid=0 pid=4298 comm="/usr/lib/network-manager-pptp/nm-pptp-service "))
Jun 8 23:31:12 shedar NetworkManager: <WARN> connection_state_changed(): Rejected send message, 1 matched rules; type="method_call", sender=":1.7" (uid=0 pid=2464 comm="/usr/sbin/NetworkManager --pid-file /var/run/Netwo") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="Disconnect" error name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.pptp" (uid=0 pid=4298 comm="/usr/lib/network-manager-pptp/nm-pptp-service "))
Jun 8 23:31:12 shedar NetworkManager: <info> Policy set 'Wired connection 1' (eth0) as default for routing and DNS.
Jun 8 23:31:25 shedar NetworkManager: <debug> [1244493085.002173] ensure_killed(): waiting for vpn service pid 4298 to exit
Jun 8 23:31:25 shedar NetworkManager: <debug> [1244493085.002307] ensure_killed(): vpn service pid 4298 cleaned up

Oleksandr (retif) wrote :

NetworkManager restart helps
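
An added example, not from any commenter: a parser for the "Rejected send message" lines quoted in this thread that extracts the caller and destination uids, so root-to-root denials can be told apart from cross-user ones. The first three sample lines are copied from the comments above (one with its truncation) and the fourth is constructed; `parse_denials` is a hypothetical name.

```python
import re

DENIAL = re.compile(
    r'Rejected send message, \d+ matched rules; type="[^"]+", '
    r'sender="[^"]+" \(uid=(?P<suid>\d+) pid=\d+ comm="[^"]*"\) '
    r'interface="[^"]+" member="(?P<member>[^"]+)".*?'
    r'destination="(?P<dest>[^"]+)"(?: \(uid=(?P<duid>\d+) )?'
)

SAMPLE = [
    # First three lines are copied from the comments in this thread; the third
    # keeps the "(ui..." cut-off from the page. The fourth line is constructed.
    "May 14 21:12:46 MJT61PLin904 NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.pptp' just appeared, activating connections",
    'May 14 21:12:46 MJT61PLin904 NetworkManager: nm-vpn-connection.c.900: NeedSecrets failed: dbus-glib-error-quark Rejected send message, 1 matched rules; type="method_call", sender=":1.8" (uid=0 pid=2898 comm="/usr/sbin/NetworkManager --pid-file /var/run/Netwo") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="NeedSecrets" error name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.pptp" (uid=0 pid=5697 comm="/usr/lib/network-manager-pptp/nm-pptp-service "))',
    'May 26 13:51:30 ge-org-laptop NetworkManager: <WARN> connection_state_changed(): Rejected send message, 1 matched rules; type="method_call", sender=":1.7" (uid=0 pid=4688 comm="/usr/sbin/NetworkManager --pid-file /var/run/Netwo") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="Disconnect" error name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.openvpn" (ui...',
    'Jan 1 00:00:00 examplehost dbus: Rejected send message, 1 matched rules; type="method_call", sender=":1.42" (uid=1000 pid=4242 comm="example-client") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="Disconnect" error name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.pptp" (uid=0 pid=5697 comm="/usr/lib/network-manager-pptp/nm-pptp-service "))',
]


def parse_denials(lines):
    """Return (member, destination, sender_uid, dest_uid, kind) per denial."""
    results = []
    for line in lines:
        m = DENIAL.search(line)
        if m is None:
            continue  # not a bus policy denial
        suid = int(m["suid"])
        duid = int(m["duid"]) if m["duid"] else None
        if duid is None:
            kind = "destination-truncated"  # log line cut before the uid
        elif suid == 0 and duid == 0:
            # Per the changelog on this page, root is already allowed here,
            # so check the policy files in effect before adding new grants.
            kind = "root-to-root"
        else:
            kind = "cross-uid"
        results.append((m["member"], m["dest"], suid, duid, kind))
    return results


if __name__ == "__main__":
    for row in parse_denials(SAMPLE):
        print(row)
```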
