On 2017/11/17 18:28, Ted Unangst wrote:
> Stefan Sperling wrote:
> > Or is modifying ifconfig sufficient?
> > We are more concerned about textual display rather than the
> > kernel/userland ioctl boundary, correct?
> >
> > The option list for ifconfig is [-AaC]. Plenty of letters available.
> > We could add:
> >
> > -P Show authentication details such as passwords (not displayed by
> > default)
>
> I think putting this logic in ifconfig is much better than the kernel. That
> didn't make much sense to me, I'm afraid.
>
Reviewing the others:

- sppp / pppoe: blocked in kernel (as of if_spppsubr.c,v 1.73 2009/02/16)

    /* do not copy the secret, and only let root know the name */
    if (auth->name != NULL && suser(curproc, 0) == 0)
        strlcpy(spa->name, auth->name, sizeof(spa->name));

- carp: passed in kernel to root (SIOCGVH), not displayed in ifconfig.
  ports/shells/nsh does read it though.

    if (suser(p, 0) == 0)
        bcopy(sc->sc_key, carpr.carpr_key, sizeof(carpr.carpr_key));

I think that's all besides wifi?

Consistency would be nice. I would be reasonably happy with any of these:

- kernel never passes these keys.
- kernel only passes these keys if securelevel < 2 (I think this would be
  my first choice).
- kernel always passes these keys to root.

For either of the last two, I like the suggested -P flag in ifconfig to
control whether it's displayed.

I'm not convinced that having the kernel pass wifi keys to root if IFF_DEBUG
is set fixes the original problem - users having problems with wifi may well
use "ifconfig XX debug" before they fetch ifconfig output to send in a list
post.
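
As an added illustration that is not part of the original message or of OpenBSD's code: a small user-space C model of the three kernel-side options listed above, combined with the proposed -P display flag. The enum, struct and function names are hypothetical, the key is constructed, and it assumes the securelevel option still requires root, which the message does not state.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define KEY_LEN 20   /* constructed size, not taken from any driver */

/* The three kernel-side options listed in the post. */
enum key_policy {
    KEY_NEVER,            /* kernel never passes these keys */
    KEY_SECURELEVEL_LT2,  /* only if securelevel < 2 (root assumed too) */
    KEY_ROOT_ALWAYS       /* always passed to root */
};

/* Hypothetical stand-in for the reply struct an ioctl copies out. */
struct key_reply {
    unsigned char key[KEY_LEN];
    bool key_present;
};

/*
 * Model of the kernel-side decision. The reply is zeroed first so a
 * denied caller never sees stale bytes from a previous use of the buffer.
 */
static bool
export_key(enum key_policy policy, bool is_root, int securelevel,
    const unsigned char *secret, struct key_reply *out)
{
    bool allow = false;

    memset(out, 0, sizeof(*out));
    switch (policy) {
    case KEY_NEVER:
        break;
    case KEY_SECURELEVEL_LT2:
        allow = is_root && securelevel < 2;
        break;
    case KEY_ROOT_ALWAYS:
        allow = is_root;
        break;
    }
    if (allow) {
        memcpy(out->key, secret, KEY_LEN);
        out->key_present = true;
    }
    return allow;
}

/* Userland side: print the key only when it arrived AND -P was given. */
static bool
should_display_key(const struct key_reply *r, bool flag_P)
{
    return r->key_present && flag_P;
}
```

In this model the display flag can only narrow what is shown; it never widens what the kernel-side check released.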