Date: Thu, 14 Jul 2005 14:58:25 -0700 From: Sam Leffler <sam@errno.com> To: Robert Watson <rwatson@FreeBSD.org> Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sbin/ifconfig ifconfig.8 ifconfig.c ifconfig.h ifieee80211.c Message-ID: <42D6E001.1020001@errno.com> In-Reply-To: <20050714224327.O35071@fledge.watson.org> References: <200507141833.j6EIXLPA001703@repoman.freebsd.org> <42D6DD30.6020900@errno.com> <20050714224327.O35071@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Robert Watson wrote: > > On Thu, 14 Jul 2005, Sam Leffler wrote: > >>> Add a new flag '-k' to ifconfig(8), indicating that it is alright to >>> print potentially sensitive keying material to stdout. With the new >>> 802.11 support, ifconfig(8) is now capable of printing 802.11 keys, >>> and did by default for the root user, which is undesirable in some >>> environments. Now it will not print keying material unless requested >>> (and available to the user). >> >> >> I thought we'd agreed NOT to do this. > > > Remind me what we'd agreed should be done? Printing the 802.11 key on > the console during boot is undesirable. I recollect vaguely we had > thought about removing printing the key entirely, only it struck me this > was actually a useful feature, so "-k" allows you to do that. > Especially since we are trying to avoid forcing people to use wicontrol, > etc. You repeatedly asked me to add this option. Each time I said I didn't think it was a great idea. You then committed it w/o discussion (with me at least). ifconfig prints the key material only when invoked by root. This is the way it's been all along and the way wiconfig still works and which we are trying to eliminate by extending ifconfig. As to printing sensitive material I question how important this is. If it's a wep key it's trivially cracked by other means. If it's a WPA or 802.1x key then it's rotated frequently and, for WPA at least, protected by addiitonal means that makes grabbing it via screen-scrape much less useful (only the GTK is displayed for WPA, not the PTK which is potentially more sensitive). If you want to improve the situation for disclosing sensitive info then we should work on adding keychain style storage for sensitive info like static keys and wpa-psk's. So I guess my argument against this is you're changing long-standing behaviour w/ little benefit. Sam
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42D6E001.1020001>