[Bug 14392] Re: [network-admin] WEP key stored in world-readable /etc/network/interfaces
I am marking this bug as confirmed because it has been confirmed in many duplicates. ** Changed in: netcfg (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug assignee. https://bugs.launchpad.net/bugs/14392 Title: [network-admin] WEP key stored in world-readable /etc/network/interfaces To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-system-tools/+bug/14392/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 14392] Re: [network-admin] WEP key stored in world-readable /etc/network/interfaces
against netcfg. Needs testing. ** Package changed: wireless-tools (Ubuntu) = netcfg (Ubuntu) ** Changed in: netcfg (Ubuntu) Status: Invalid = New ** Patch added: proposed patch https://bugs.launchpad.net/ubuntu/+source/netcfg/+bug/14392/+attachment/3896114/+files/file-mode.patch -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug assignee. https://bugs.launchpad.net/bugs/14392 Title: [network-admin] WEP key stored in world-readable /etc/network/interfaces To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-system-tools/+bug/14392/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 14392] Re: [network-admin] WEP key stored in world-readable /etc/network/interfaces
The attachment proposed patch seems to be a patch. If it isn't, please remove the patch flag from the attachment, remove the patch tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug assignee. https://bugs.launchpad.net/bugs/14392 Title: [network-admin] WEP key stored in world-readable /etc/network/interfaces To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-system-tools/+bug/14392/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 14392] Re: [network-admin] WEP key stored in world-readable /etc/network/interfaces
I found that after doing a fresh install of 13.10 server, the wpa passphrase for the network used during install was stored in plain text in /etc/network/interfaces and by default the file has 644 permissions. As stated by the original creator, this is a potential security risk. -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug assignee. https://bugs.launchpad.net/bugs/14392 Title: [network-admin] WEP key stored in world-readable /etc/network/interfaces To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-system-tools/+bug/14392/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
Re: [Bug 14392] Re: [network-admin] WEP key stored in world-readable /etc/network/interfaces
Heck if I know... I reported this bug like seven years ago, and haven't used Debian for a long time. On Tue, Sep 14, 2010 at 9:42 PM, rusivi1 14...@bugs.launchpad.net wrote: Thank you for reporting this bug. Is this still an issue in gnome-system-tools (Debian)? ** Changed in: gnome-system-tools (Debian) Status: New = Incomplete -- [network-admin] WEP key stored in world-readable /etc/network/interfaces https://bugs.launchpad.net/bugs/14392 You received this bug notification because you are a direct subscriber of a duplicate bug (29372). -- [network-admin] WEP key stored in world-readable /etc/network/interfaces https://bugs.launchpad.net/bugs/14392 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug assignee. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 14392] Re: [network-admin] WEP key stored in world-readable /etc/network/interfaces
Thank you for reporting this bug. Is this still an issue in gnome-system-tools (Debian)? ** Changed in: gnome-system-tools (Debian) Status: New = Incomplete -- [network-admin] WEP key stored in world-readable /etc/network/interfaces https://bugs.launchpad.net/bugs/14392 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug assignee. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 14392] Re: [network-admin] WEP key stored in world-readable /etc/network/interfaces
** Changed in: wireless-tools (Ubuntu) Status: New = Confirmed ** Changed in: wireless-tools (Ubuntu) Status: Confirmed = Invalid -- [network-admin] WEP key stored in world-readable /etc/network/interfaces https://bugs.launchpad.net/bugs/14392 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug assignee. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
Re: [Bug 14392] Re: [network-admin] WEP key stored in world-readable /etc/network/interfaces
Sebastien Bacher [2006-10-10 22:57 -]: potential patch for the issue. The patch change the mod and group when a config is modified, we can make it changing it only when a key is written by using the key option The latter would be preferable IMHO. There's nothing to hide on an usual desktop. do we want to change that now for edgy or after edgy? It's straightforward and unintrusive, personally I'd like to see it in Edgy. Thanks, pitti -- [network-admin] WEP key stored in world-readable /etc/network/interfaces https://launchpad.net/bugs/14392 -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 14392] Re: [network-admin] WEP key stored in world-readable /etc/network/interfaces
Fixed with this upload: system-tools-backends (1.9.7-0ubuntu3) edgy; urgency=low . * debian/patches/01_chmod_network_interfaces_when_using_key.patch: - change network interfaces file mode to 640 and the group to admin when a key is set (Ubuntu: #14392) The patch used: diff -Nur system-tools-backends-1.9.7/Network/Ifaces.pm system-tools-backends-1.9.7.new/Network/Ifaces.pm --- system-tools-backends-1.9.7/Network/Ifaces.pm 2006-10-06 00:16:51.0 +0200 +++ system-tools-backends-1.9.7.new/Network/Ifaces.pm 2006-10-11 12:28:42.0 +0200 @@ -693,6 +693,17 @@ return (get_debian_auto_by_stanza ($file, $iface) ne undef)? 1 : 0; } +sub set_network_config_permission +{ +my ($key) = @_; + +if ($key) +{ +chmod 0640, /etc/network/interfaces; +Utils::File::run (chgrp admin /etc/network/interfaces); +} +} + sub set_debian_auto { my ($file, $iface, $value) = @_; @@ -3099,6 +3110,7 @@ [ gateway,\Utils::Replace::set_interfaces_option_str, [INTERFACES, IFACE], gateway ], [ essid, \Utils::Replace::set_interfaces_option_str, [INTERFACES, IFACE], wireless-essid ], [ key,\Utils::Replace::set_interfaces_option_str, [INTERFACES, IFACE], wireless-key ], + [ key,\set_network_config_permission, %key%], [ key_type, \set_wep_key_full, [ \Utils::Replace::set_interfaces_option_str, INTERFACES, IFACE, wireless-key, %key% ]], # ugly hack for deleting undesired options (due to syntax duality) [ essid, \Utils::Replace::set_interfaces_option_str, [INTERFACES, IFACE], wireless_essid, ], ** Changed in: gnome-system-tools (Ubuntu) Status: Confirmed = Fix Released -- [network-admin] WEP key stored in world-readable /etc/network/interfaces https://launchpad.net/bugs/14392 -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 14392] Re: [network-admin] WEP key stored in world-readable /etc/network/interfaces
Doesn't this introduce a race condition where the key has been updated first and then the file protected? If I understand the code paths correctly, moving the key line up one spot in the table's list should solve this race. -- [network-admin] WEP key stored in world-readable /etc/network/interfaces https://launchpad.net/bugs/14392 -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 14392] Re: [network-admin] WEP key stored in world-readable /etc/network/interfaces
Thank you for the comment Kees, fixed with that upload: system-tools-backends (1.9.7-0ubuntu4) edgy; urgency=low . * debian/patches/01_chmod_network_interfaces_when_using_key.patch: - change permission before writting the key, thank to Kees Cook for pointing that -- [network-admin] WEP key stored in world-readable /etc/network/interfaces https://launchpad.net/bugs/14392 -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 14392] Re: [network-admin] WEP key stored in world-readable /etc/network/interfaces
potential patch for the issue. The patch change the mod and group when a config is modified, we can make it changing it only when a key is written by using the key option do we want to change that now for edgy or after edgy? ** Attachment added: potential patch http://librarian.launchpad.net/4739392/network-admin.patch -- [network-admin] WEP key stored in world-readable /etc/network/interfaces https://launchpad.net/bugs/14392 -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 14392] Re: [network-admin] WEP key stored in world-readable /etc/network/interfaces
The problem here is that a user can connect other machines to the network if they have the WEP key. ** Bug 63394 has been marked a duplicate of this bug -- [network-admin] WEP key stored in world-readable /etc/network/interfaces https://launchpad.net/bugs/14392 -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 14392] Re: [network-admin] WEP key stored in world-readable /etc/network/interfaces
** Also affects: wireless-tools (Ubuntu) Importance: Undecided Status: Unconfirmed -- [network-admin] WEP key stored in world-readable /etc/network/interfaces https://launchpad.net/bugs/14392 -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 14392] Re: [network-admin] WEP key stored in world-readable /etc/network/interfaces
please stay correct there is just lot of bugs and fixing them might take some time. If you want to help and make the fix faster feel free to send a patch ** Bug 60131 has been marked a duplicate of this bug ** Changed in: gnome-system-tools (Ubuntu) Importance: Medium = High Assignee: (unassigned) = Ubuntu Desktop Bugs Target: None = ubuntu-6.10 -- [network-admin] WEP key stored in world-readable /etc/network/interfaces https://launchpad.net/bugs/14392 -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs