cvs commit: src/sbin/ifconfig ifconfig.8 ifconfig.c ifconfig.h
sam at errno.com
Thu Jul 14 21:53:23 GMT 2005
Robert Watson wrote:
> On Thu, 14 Jul 2005, Sam Leffler wrote:
>>> Add a new flag '-k' to ifconfig(8), indicating that it is alright to
>>> print potentially sensitive keying material to stdout. With the new
>>> 802.11 support, ifconfig(8) is now capable of printing 802.11 keys,
>>> and did by default for the root user, which is undesirable in some
>>> environments. Now it will not print keying material unless requested
>>> (and available to the user).
>> I thought we'd agreed NOT to do this.
> Remind me what we'd agreed should be done? Printing the 802.11 key on
> the console during boot is undesirable. I recollect vaguely we had
> thought about removing printing the key entirely, only it struck me this
> was actually a useful feature, so "-k" allows you to do that.
> Especially since we are trying to avoid forcing people to use wicontrol,
You repeatedly asked me to add this option. Each time I said I didn't
think it was a great idea. You then committed it w/o discussion (with
me at least).
ifconfig prints the key material only when invoked by root. This is the
way it's been all along and the way wiconfig still works and which we
are trying to eliminate by extending ifconfig.
As to printing sensitive material I question how important this is. If
it's a wep key it's trivially cracked by other means. If it's a WPA or
802.1x key then it's rotated frequently and, for WPA at least, protected
by addiitonal means that makes grabbing it via screen-scrape much less
useful (only the GTK is displayed for WPA, not the PTK which is
potentially more sensitive). If you want to improve the situation for
disclosing sensitive info then we should work on adding keychain style
storage for sensitive info like static keys and wpa-psk's.
So I guess my argument against this is you're changing long-standing
behaviour w/ little benefit.
More information about the cvs-src