Comment 8 for bug 1668321

Thomas Haller (thaller-1) wrote :

I don't think that the NetworkManager daemon is involved. Or PolicyKit permissions (like org.freedesktop.NetworkManager.settings.modify.own).

The login screen runs nm-applet as lightdm user.

nm-applet doesn't have a concept of running in a restricted mode. That is, it's running as a certain user and it doesn't try to prevent that user from accessing system resources (files) that the user can regularly access.
That is, when it shows the file-picker GUI to allow the user to choose a file, it doesn't try to prevent that user from seeing certain files (yes, it's made worse as the GTK filepicker allows opening the file).
The applet doesn't treat its user as a potential attacker.

How to fix that is a good question...

Maybe the applet could learn a new command line option ("--restricted"), which prevents the user from doing certain things that are considered unsafe.
  - maybe that means to show a less powerful filepicker that cannot open files,
  - maybe it also means to disallow the file-picker from mounting filesystems (which makes the
    filepicker pretty useless),
  - in the end it probably means to prevent the user from creating any connection -- only to
    connect to previously configured networks.

Or maybe the login screen should choose to run a different applet instead (or none)...