From owner-freebsd-bugs Thu Aug 31 9:10: 8 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 6189837B424
	for ; Thu, 31 Aug 2000 09:10:01 -0700 (PDT)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id JAA65936;
	Thu, 31 Aug 2000 09:10:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id 9679C37B423
	for ; Thu, 31 Aug 2000 09:06:19 -0700 (PDT)
Received: (from robert@localhost)
	by fledge.watson.org (8.9.3/8.9.3) id MAA25648;
	Thu, 31 Aug 2000 12:06:18 -0400 (EDT)
	(envelope-from robert)
Message-Id: <200008311606.MAA25648@fledge.watson.org>
Date: Thu, 31 Aug 2000 12:06:18 -0400 (EDT)
From: rwatson@freebsd.org
Reply-To: rwatson@freebsd.org
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: kern/20963: wicontrol (and supporting ioctls/sysctls, presumably) reveal crypto key
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 20963
>Category: kern
>Synopsis: wicontrol (and supporting calls) reveal hardware crypto key to any user
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Aug 31 09:10:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Robert Watson
>Release: FreeBSD 4.1-STABLE i386
>Organization: NAI Labs at Network Associates
>Environment:
4.1-STABLE, using Wavelan wi driver, with hardware encryption enabled.
>Description:
wicontrol will show the hardware crypto key to any user. Probably, release of the crypto key should occur only to a process with appropriate privilege. This cannot just be done in wicontrol, but must be done at the ioctl used to retrieve the key, in kernel.
Access to the system should not imply complete access to the network infrastructure.
>How-To-Repeat:
wicontrol -i wi0
>Fix:
Not attached.
>Release-Note:
>Audit-Trail:
>Unformatted:
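
The description's point that the check belongs in the ioctl handler rather than in wicontrol, shown as an added example that is not part of the original report and is not FreeBSD driver code. It is a userland C model: the record IDs, the key bytes, the station name and `handler_get_rid()` are all constructed for illustration, and uid 0 stands in for "appropriate privilege".

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed record IDs and key material; not the wi driver's real values. */
enum { RID_STATION_NAME = 1, RID_CRYPT_KEYS = 2, KEY_LEN = 16 };

struct caller  { int uid; };                   /* stand-in for process credentials */
struct rid_req { int rid; size_t len; unsigned char buf[32]; };

static const unsigned char hw_key[KEY_LEN] = "constructed-key";
static const char station[] = "sample-station";

/*
 * Hypothetical model of the "read record" ioctl handler. With check_priv == 0
 * it behaves as the report describes: any caller can read the key. With
 * check_priv != 0 it refuses key reads from callers that are not uid 0 and
 * leaves the caller's buffer untouched.
 */
int handler_get_rid(const struct caller *c, struct rid_req *req, int check_priv)
{
    switch (req->rid) {
    case RID_CRYPT_KEYS:
        if (check_priv && c->uid != 0)
            return EPERM;                      /* deny before copying anything */
        memcpy(req->buf, hw_key, KEY_LEN);
        req->len = KEY_LEN;
        return 0;
    case RID_STATION_NAME:                     /* non-secret record: no check */
        memcpy(req->buf, station, sizeof(station));
        req->len = sizeof(station);
        return 0;
    default:
        return EINVAL;
    }
}

int main(void)
{
    struct caller user = { 1001 }, root = { 0 };
    struct rid_req r = { RID_CRYPT_KEYS, 0, { 0 } };

    /* The caller reaches the handler directly, so a filter in a tool is moot. */
    printf("no check, uid 1001: %d\n", handler_get_rid(&user, &r, 0));
    memset(r.buf, 0, sizeof(r.buf)); r.len = 0;
    printf("check, uid 1001:    %d\n", handler_get_rid(&user, &r, 1));
    printf("check, uid 0:       %d\n", handler_get_rid(&root, &r, 1));
    return 0;
}
```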