I don't think that the NetworkManager daemon is involved. Or PolicyKit permissions (like org.freedesktop.NetworkManager.settings.modify.own).
The login screen runs nm-applet as lightdm user.
nm-applet doesn't have a concept of running in a restricted mode. That is, it's running as a certain user and it doesn't try to prevent that user from accessing system resources (files) that the user can regularly access.
That is, when it shows the file-picker GUI to allow the user to choose a file, it doesn't try to prevent that user from seeing certain files (yes, it's made worse as the GTK filepicker allows to open the file).
The applet doesn't treat its user as a potential attacker.
How to fix that, is a good question...
Maybe applet could learn a new command line option ("--restricted"), which prevents the user from doing certain things that are considered unsafe.
- maybe that means to show a less powerful filepicker that cannot open files,
- maybe it also means to disallow the file-picker to mount filesystems (which makes the filepicker pretty useless),
- in the end it probably means to prevent the user from creating any connection -- only to connect to previously configured networks.
Or maybe the login screen should choose to run a different applet instead (or none)...