[bug] use sytem-wide bitmask-root, if found (!209) · Merge requests · leap / bitmask-dev

The source project of this merge request has been removed.

Kali Kaneko requested to merge (removed):bug/use_system_bitmaskroot into master Oct 06, 2017

we make a distinction between the system-wide bitmask-root, which should be placed there by the maintainers of whatever packages your distribution uses, and the bitmask-root that is placed by the bundles (using polkit).

since the bundles copying over the helper from user-writeable folders is a potential attack vector, we prefer to use the package's version if present.

also, if we cannot find either, we abort the launching of the VPN. we've discussed that this might move to the service initialization instead, but I think the cases in which this is needed should be rare.

I fix also a corner-case in which we were using getcwd() at import time. if you execute code and then remove the installation path, this will raise a traceback in bitmaskctl. I think it's nicer to catch the error properly when starting.

[bug] use sytem-wide bitmask-root, if found

Merge request reports