WPA2 Enterprise certificate file selector does not check read permissions

Bug #393103 reported by Michael Helmling on 2009-06-28
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
GTK+
Expired
Wishlist
Network Manager Applet
New
Low
One Hundred Papercuts
Undecided
Unassigned
gtk+2.0 (Ubuntu)
Low
Unassigned
network-manager-applet (Ubuntu)
Low
Unassigned

Bug Description

The WPA2 Enterprise dialog in NetworkManager has lots of configuration fields, and some are necessary to save the connection. Unfortunately, the GUI doesn't provide any feedback what particular field is missing / wrong. This was particularly annoying in my special case:
For my university's network, I need to provide a certain CA certificate, which I downloaded and copied to /etc/ssl/certs. I then selected the file in the gnome file chooser dialog by typing the directory in the bash-like selection textfield. The automatic completion showed my certiticate, and so I opened it. However, "apply" was still greyed out. As I noticed after some searching, the file was set to file mode 600 and owned by root.
So, the file should either not be considered by the completion in the selection textfield, or there should be some feedback why it can't be used.
The same happens if the file is in a wrong format.

I think the actual bug lies in the auto completion, because now I noticed that the "bad" cert is NOT displayed in the graphical folder vew.

Lightbreeze (nedhoy-gmail) wrote :

I'm not able to reproduce this bug, could you please post simple steps that consistently reproduce? Thanks!

Changed in hundredpapercuts:
status: New → Incomplete
Lightbreeze (nedhoy-gmail) wrote :

Okay, so you can type '/usr/bin/firefox' into the edit bar and hit enter. It opens 'firefox' even though perhaps it should limit to the formats specified (*.der, *.pem, *.crt, *.cer).

Michael Helmling (supermihi) wrote :

Yes, that's what I mean - basically, the same filters should be applied to the auto completion as to the folder view.
If you go to /usr/bin, the firefox isn't displayed, also if you do some nonsense like "echo foo > test.cer", the folder view won't display this file as it recognizes that it is not a valid certificate. The same holds true if the file is not readable by the current user.
The solution that I would propose is just to use the same filter for the possible paths that auto-completion considers as for the files that are displayed inside the current folder.

Sebastien Bacher (seb128) wrote :

why do you think that's a gtk bug?

Changed in gtk+2.0 (Ubuntu):
importance: Undecided → Low
status: New → Incomplete
Alexander Sack (asac) wrote :

the potential bug in gtk+ would be that the gtk file dialog seems to display files even though the process owner cannot read them.

summary: - No feedback why the "apply" button in WPA2 Enterprise dialog is greyed
- out
+ WPA2 Enterprise certificate file selector does not check read
+ permissionss
summary: WPA2 Enterprise certificate file selector does not check read
- permissionss
+ permissions
Alexander Sack (asac) wrote :

seb, if you think NM is doing something wrong please reopen the nm applet task.

affects: network-manager (Ubuntu) → network-manager-applet (Ubuntu)
Changed in network-manager-applet (Ubuntu):
assignee: nobody → Alexander Sack (asac)
importance: Undecided → Low
status: New → Invalid
Sebastien Bacher (seb128) wrote :

you suggest not listing files which are not usuable due to permissions issues? wouldn't that be confusing for users? having a message stating why the selected file can't be open would be better

Michael Helmling (supermihi) wrote :

Well, what I wanted to point out originally is the inconsistency between what is being displayed and what the path completion suggests. @seb: Already at the moment, files with wrong permissions are not listed.

Michael Helmling (supermihi) wrote :

Since I seem to confuse people, here's a screenshot of what I mean. The test.crt belongs to root and has mode 600, so it's not listed, but appears in the completion. I don't really know if this is a bad thing, but seems somewhat inconsistent to me.

On Mon, Jul 06, 2009 at 05:18:11PM -0000, Michael Helmling wrote:
> Since I seem to confuse people, here's a screenshot of what I mean. The
> test.crt belongs to root and has mode 600, so it's not listed, but
> appears in the completion. I don't really know if this is a bad thing,
> but seems somewhat inconsistent to me.
>

Yeah, so if the completion shows things not in the file list really
seems to be a gtk problem.

maybe applet should display a proper warning too. so lets keep both
tasks open.

 - Alexander

Changed in network-manager-applet (Ubuntu):
status: Invalid → In Progress
Changed in gtk+2.0 (Ubuntu):
status: Incomplete → Triaged
Alexander Sack (asac) wrote :

added upstream target for gtk and nm-applet.

Changed in network-manager-applet (Ubuntu):
status: In Progress → Triaged
Alexander Sack (asac) wrote :
Changed in network-manager-applet:
importance: Undecided → Unknown
status: New → Unknown
Changed in network-manager-applet (Ubuntu):
assignee: Alexander Sack (asac) → nobody
Changed in network-manager-applet:
status: Unknown → New
David Tombs (dgtombs) wrote :

Thank you for bringing this bug to our attention. However, a paper cut should be something the average user will encounter, and many users do not use the auto-completion in the filechooser. (I didn't even know it existed.) So this bug can't be addressed as part of this project.

For further information about papercuts criteria, please read https://wiki.ubuntu.com/PaperCut.

Don't worry though, this bug has been marked as "Invalid" only in the papercuts project.

Changed in gtk:
importance: Undecided → Unknown
status: New → Unknown
Changed in hundredpapercuts:
status: Incomplete → Invalid
Changed in gtk:
status: Unknown → Confirmed
Changed in network-manager-applet:
importance: Unknown → Low
Changed in gtk:
importance: Unknown → Wishlist
Changed in gtk:
status: Confirmed → Expired
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.