fix: Reduce kill switch auth requirements #10
Open
SRugina wants to merge 1 commit into ProtonVPN:stable from
Author

@calexandru2018 just bringing attention to this PR. To be clear, users of Debian, NixOS, & Tumbleweed already experience the constant prompts, and others are likely to follow since NetworkManager discourages keeping the current behaviour in newer versions.
To mitigate CVE-2025-9615, NetworkManager from 1.57.1 (at least) will remove the modify_system build option (a new option is available for backwards compatibility but is discouraged). See https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2324

Thus, users of Debian, NixOS, & Tumbleweed already experience constant polkit prompts, and others are likely to follow since NetworkManager discourages keeping the current behaviour in newer versions.

When a non-permanent kill switch is enabled ("Standard" and/or IPv6) without modify_system, a polkit prompt appears for every manual (dis)connection of the VPN (except within auth timeout of previous prompt). This is because editing system connections uses the `org.freedesktop.NetworkManager.settings.modify.system` polkit action, which without modify_system defaults to `auth_admin_keep`.

To fix this, a user connection is sufficient as on boot it is acceptable to wait for login like the VPN connection (also a user connection). When the user's regular connection is also a user connection, there will be no polkit prompt to manually (dis)connect the VPN.

Only the permanent ("Advanced") kill switch needs to be a system connection so that there is no leak before user login on boot, and since it's permanent (written to disk) the polkit prompt is only required when enabling/disabling the permanent kill switch setting and not on every manual (dis)connection of the VPN.
SRugina added a commit to SRugina/com.protonvpn.www that referenced this pull request Mar 5, 2026

Upstream is unresponsive, see ProtonVPN/python-proton-vpn-api-core#10 copied below:

To mitigate CVE-2025-9615, NetworkManager from 1.57.1 (at least) will remove the modify_system build option (a new option is available for backwards compatibility but is discouraged). See https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2324

Thus, users of Debian, NixOS, & Tumbleweed already experience constant polkit prompts, and others are likely to follow since NetworkManager discourages keeping the current behaviour in newer versions.

When a non-permanent kill switch is enabled ("Standard" and/or IPv6) without modify_system, a polkit prompt appears for every manual (dis)connection of the VPN (except within auth timeout of previous prompt). This is because editing system connections uses the `org.freedesktop.NetworkManager.settings.modify.system` polkit action, which without modify_system defaults to `auth_admin_keep`.

To fix this, a user connection is sufficient as on boot it is acceptable to wait for login like the VPN connection (also a user connection). When the user's regular connection is also a user connection, there will be no polkit prompt to manually (dis)connect the VPN.

Only the permanent ("Advanced") kill switch needs to be a system connection so that there is no leak before user login on boot, and since it's permanent (written to disk) the polkit prompt is only required when enabling/disabling the permanent kill switch setting and not on every manual (dis)connection of the VPN.
Author

@jllaneras just bringing attention to this PR.
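The polkit behaviour described in the commit message can be checked on a given host. The shell functions below are an added example, not code from this PR or from ProtonVPN: they read `pkaction --verbose` output and a NetworkManager keyfile and predict whether editing that profile prompts. The sample inputs, the profile name `example-killswitch` and the user `alice` are constructed, and the user-connection branch assumes the editing user is the one listed in `permissions=`.

```shell
#!/bin/sh
# Added example (not from the PR). All sample inputs below are constructed.
ACTION="org.freedesktop.NetworkManager.settings.modify.system"

# Extract the "implicit active" default from `pkaction --verbose` text on stdin.
implicit_active() {
    sed -n 's/^[[:space:]]*implicit active:[[:space:]]*//p' | head -n 1
}

# Classify a NetworkManager keyfile read on stdin: "user" when [connection]
# carries a permissions=user:<name>: entry, otherwise "system".
profile_scope() {
    awk -F= '
        /^\[/ { in_conn = ($0 == "[connection]") }
        in_conn && $1 == "permissions" && $2 ~ /^user:[^:]+:/ { found = 1 }
        END { print (found ? "user" : "system") }'
}

# Predict the result of editing a profile: allowed, prompt or denied.
# $1 = scope from profile_scope, $2 = default from implicit_active.
edit_outcome() {
    if [ "$1" = user ]; then
        # Per the commit message: no prompt for a user connection.
        # Assumption: the caller is the user named in permissions=.
        echo allowed
        return
    fi
    case "$2" in
        yes)    echo allowed ;;
        auth_*) echo prompt ;;   # e.g. auth_admin_keep, cached until timeout
        *)      echo denied ;;
    esac
}

SAMPLE_PKACTION="$ACTION:
  implicit any:      no
  implicit inactive: no
  implicit active:   auth_admin_keep"

SAMPLE_SYSTEM_PROFILE="[connection]
id=example-killswitch
type=dummy"

SAMPLE_USER_PROFILE="[connection]
id=example-killswitch
type=dummy
permissions=user:alice:;"
```

On a live system, pipe `pkaction --verbose --action-id "$ACTION"` into `implicit_active` and a keyfile from `/etc/NetworkManager/system-connections/` (readable by root) into `profile_scope`.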