Bug#555680: System information in bug reports may be security-sensitive

Thu, 19 Nov 2009 06:10:52 -0800 

Hi

r14441 [1], "hide wireless keys and wake-on-LAN password when including 
network configuration in bug reports (bug #555680)".

It is unfortunately not enough to prune "wireless-key" from bugreports, as 
wpasupplicant defines additional means to configure passwords for wireless 
links[2], namely wpa-psk and wpa-password. Additionally I suggest to prune 
commented out lines as well, as these might contain passwords or other 
sensitive information and have no relevance for bugreporting.

The attached, valid, /etc/network/interfaces example illustrates the 
problem with these means of configuration. The following patch applies to
sid and trunk of linux-2.6 (r14649).

[1]     
http://svn.debian.org/viewsvn/kernel/dists/sid/linux-2.6/debian/templates/image.plain.bug/include-network?r1=14441&r2=14597
[2]     
http://svn.debian.org/viewsvn/pkg-wpa/wpasupplicant/trunk/debian/README.Debian?view=markup

Signed-off-by: Stefan Lippers-Hollmann <[email protected]>

Index: debian/templates/image.plain.bug/include-network
===================================================================
--- debian/templates/image.plain.bug/include-network    (revision 14649)
+++ debian/templates/image.plain.bug/include-network    (working copy)
@@ -5,7 +5,10 @@
   echo '** Network interface configuration:' >&3
   # Hide passwords/keys
   awk '$1 ~ /^wireless-key/ { gsub(".", "*", $2); }
+       $1 ~ /^wpa-psk/ { gsub(".", "*", $2); }
+       $1 ~ /^wpa-password/ { gsub(".", "*", $2); }
        $1 == "ethtool-wol" { gsub(".", "*", $3); }
+       !/^\#/
        { print; }
       ' </etc/network/interfaces >&3
   echo >&3

# Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or
# /usr/share/doc/ifupdown/examples for more information.

auto lo
iface lo inet loopback

allow-hotplug eth0
iface eth0 inet dhcp

allow-hotplug wlan0
iface wlan0 inet manual
        wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

iface linksys_aes inet dhcp
iface default inet dhcp

auto wlan1
iface wlan1 inet dhcp
        wpa-ssid something
        wpa-psk 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
#       wpa-psk 2123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef

auto wlan2
iface wlan2 inet dhcp
        wpa-ssid somethingelse
        wpa-password myplaintextpassword
#       wpa-password yourplaintextpassword

auto wlan3
iface wlan3 inet dhcp
        wireless-essid somethingveryelse
        wireless-key mypassword
#       wireless-key yourpassword

Reply via email to