On 2017/11/17 18:28, Ted Unangst wrote:
> Stefan Sperling wrote:
> > Or is modifying ifconfig sufficient?
> > We are more concerned about textual display rather than the
> > kernel/userland ioctl boundary, correct?
> >
> > The option list for ifconfig is [-AaC]. Plenty of letters available.
> > We could add:
> >
> > -P Show authentication details such as passwords (not displayed by
> > default)
>
> I think putting this logic in ifconfig is much better than the kernel. That
> didn't make much sense to me, I'm afraid.
>

Reviewing the others:

- sppp / pppoe: blocked in kernel (as of if_spppsubr.c,v 1.73 2009/02/16)

    /* do not copy the secret, and only let root know the name */
    if (auth->name != NULL && suser(curproc, 0) == 0)
        strlcpy(spa->name, auth->name, sizeof(spa->name));

- carp: passed in kernel to root (SIOCGVH), not displayed in ifconfig.
  ports/shells/nsh does read it though.

    if (suser(p, 0) == 0)
        bcopy(sc->sc_key, carpr.carpr_key,
            sizeof(carpr.carpr_key));

I think that's all besides wifi?

Consistency would be nice. I would be reasonably happy with any of these:

- kernel never passes these keys.
- kernel only passes these keys if securelevel < 2 (I think this would
  be my first choice).
- kernel always passes these keys to root.

For either of the last two, I like the suggested -P flag in ifconfig
to control whether it's displayed.

I'm not convinced that having the kernel pass wifi keys to root if
IFF_DEBUG is set fixes the original problem - users having problems
with wifi may well use "ifconfig XX debug" before they fetch ifconfig
output to send in a list post.