desktop-packages team mailing list archive

Thread
Date
[Bug 1426923] Re: Allow ubuntu-system-settings to set a device's firmware through wpa_supplicant

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Jamie Strandboge <jamie@xxxxxxxxxx>
Date: Mon, 02 Mar 2015 20:36:45 -0000
Reply-to: Bug 1426923 <1426923@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Jonas asked me to take a look at the security implications of this. Some observations:
* on touch, /var/lib/polkit-1/localauthority/10-vendor.d/com.ubuntu.touch.NetworkManager.pkla allows anyone in the 'sudo' group to access all of NetworkManager. This is not ideal but was the decision taken while we don't have proper PK support on the phone
* /usr/share/polkit-1/actions/org.freedesktop.urfkill.policy allows the active seat to call Block. This is probably more permissive than it has to be, but would need someone familiar with urfkill to comment
* wpasupplicant (from the 'wpa' source package) ships /etc/dbus-1/system.d/wpa_supplicant.conf and it by default disallows all connections by non-root
* wpasupplicant does not ship a policykit file and doesn't seem to have policykit support
* http://bazaar.launchpad.net/~mathieu-tl/+junk/touch-hotspot/view/head:/hotspot.py only uses wpas.SetInterfaceFirmware("/", "ap") - I think there might be a bug here: shouldn't disable() put it back to what it was before calling enable()?
* wpas_dbus_handler_set_interface_firmware() from wpa_supplicant/dbus/dbus_new_handlers.c has good input validation and only allows setting "ap", "sta" and "p2p" and nothing else

Considering the current policy with NM and the phablet user on Touch, I think it is tolerable to give the phablet user the ability to use SetInterfaceFirmware(). As I see it, there are two paths forward (not listed in any particular order):
1. add policykit support to wpasupplicant, ship a policykit policy file that is very strict, then override on touch similar to how we do in /var/lib/polkit-1/localauthority/10-vendor.d/com.ubuntu.touch.NetworkManager.pkla, but only for SetInterfaceFirmware()
2. use a proxy service that runs as root on the system bus that can make this call on our behalf. This proxy service could be written from scratch, extend NetworkManager, use the connectivity-api, or something else

I think '2' is the path of least resistance. It probably makes sense to
use something like connectivity-api and have it have methods like:
SetAP(), SetSTA(), SetP2P(), each of which talks to wpasupplicant. I
suggest talking to the connectivity-api folks for ideas on API and where
to best put this.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to wpasupplicant in Ubuntu.
https://bugs.launchpad.net/bugs/1426923

Title:
  Allow ubuntu-system-settings to set a device's firmware through
  wpa_supplicant

Status in wpasupplicant package in Ubuntu:
  New

Bug description:
  Background:
  To do Wi-Fi hotspots on krillin, we need to poke wifi by doing a call to wpa_supplicant's (undocumented/local) SetInterfaceFirmware method. See [1] for details.

  Rationale:
  Ubuntu System Settings needs to do the same things as aforementioned script, but via dbus [2], as phablet/current non-privileged user and unconfined.

  What happens:
  If phablet runs [2], this error message [3] is produced, which I interpret to be equivalent with "you're not welcome here".

  What should happen instead:
  Ubuntu System Settings should be allowed to make the call

  [1] http://bazaar.launchpad.net/~mathieu-tl/+junk/touch-hotspot/view/head:/hotspot.py
  [2] gdbus call --system -d fi.w1.wpa_supplicant1 -o /fi/w1/wpa_supplicant1 -m fi.w1.wpa_supplicant1.SetInterfaceFirmware / ap
  [3] http://pastebin.ubuntu.com/10489519/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/wpasupplicant/+bug/1426923/+subscriptions