On Mon, Nov 27, 2017 at 01:31:17AM +0100, Stefan Sperling wrote:
> On Sun, Nov 26, 2017 at 06:17:14PM +0100, Jeremie Courreges-Anglas wrote:
> >
> > I don't think anything has been committed regarding this issue, right?
>
> Nope.
>
> I've been discussing this with people in person.
> Will summarize those discussions and send a new diff soon.
Most people I've talked to seem to be OK with never exposing
these secrets to userland in the first place.
OK?
Index: net/if_spppsubr.c
===================================================================
RCS file: /cvs/src/sys/net/if_spppsubr.c,v
retrieving revision 1.173
diff -u -p -r1.173 if_spppsubr.c
--- net/if_spppsubr.c 20 Oct 2017 09:35:09 -0000 1.173
+++ net/if_spppsubr.c 27 Nov 2017 01:27:31 -0000
@@ -4493,9 +4493,8 @@ sppp_get_params(struct sppp *sp, struct
spa->proto = auth->proto;
spa->flags = auth->flags;
- /* do not copy the secret, and only let root know the name */
- if (auth->name != NULL && suser(curproc, 0) == 0)
- strlcpy(spa->name, auth->name, sizeof(spa->name));
+ /* do not copy the name and secret to userland */
+ memset(spa->name, 0, sizeof(spa->name));
if (copyout(spa, (caddr_t)ifr->ifr_data, sizeof(*spa)) != 0) {
free(spa, M_DEVBUF, 0);
Index: net80211/ieee80211_ioctl.c
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_ioctl.c,v
retrieving revision 1.57
diff -u -p -r1.57 ieee80211_ioctl.c
--- net80211/ieee80211_ioctl.c 6 Nov 2017 11:34:29 -0000 1.57
+++ net80211/ieee80211_ioctl.c 27 Nov 2017 01:29:44 -0000
@@ -252,9 +252,6 @@ static int
ieee80211_ioctl_getnwkeys(struct ieee80211com *ic,
struct ieee80211_nwkey *nwkey)
{
- struct ieee80211_key *k;
- int error, i;
-
if (ic->ic_flags & IEEE80211_F_WEPON)
nwkey->i_wepon = IEEE80211_NWKEY_WEP;
else
@@ -262,23 +259,8 @@ ieee80211_ioctl_getnwkeys(struct ieee802
nwkey->i_defkid = ic->ic_wep_txkey + 1;
- for (i = 0; i < IEEE80211_WEP_NKID; i++) {
- if (nwkey->i_key[i].i_keydat == NULL)
- continue;
- /* do not show any keys to non-root user */
- if ((error = suser(curproc, 0)) != 0)
- return error;
- k = &ic->ic_nw_keys[i];
- if (k->k_cipher != IEEE80211_CIPHER_WEP40 &&
- k->k_cipher != IEEE80211_CIPHER_WEP104)
- nwkey->i_key[i].i_keylen = 0;
- else
- nwkey->i_key[i].i_keylen = k->k_len;
- error = copyout(k->k_key, nwkey->i_key[i].i_keydat,
- nwkey->i_key[i].i_keylen);
- if (error != 0)
- return error;
- }
+ /* do not show any keys to userland */
+
return 0;
}
@@ -491,14 +473,10 @@ ieee80211_ioctl(struct ifnet *ifp, u_lon
case SIOCG80211WPAPSK:
psk = (struct ieee80211_wpapsk *)data;
if (ic->ic_flags & IEEE80211_F_PSK) {
- psk->i_enabled = 1;
- /* do not show any keys to non-root user */
- if (suser(curproc, 0) != 0) {
- psk->i_enabled = 2;
- memset(psk->i_psk, 0, sizeof(psk->i_psk));
- break; /* return ok but w/o key */
- }
- memcpy(psk->i_psk, ic->ic_psk, sizeof(psk->i_psk));
+ /* do not show any keys to userland */
+ psk->i_enabled = 2;
+ memset(psk->i_psk, 0, sizeof(psk->i_psk));
+ break; /* return ok but w/o key */
} else
psk->i_enabled = 0;
break;
Index: netinet/ip_carp.c
===================================================================
RCS file: /cvs/src/sys/netinet/ip_carp.c,v
retrieving revision 1.319
diff -u -p -r1.319 ip_carp.c
--- netinet/ip_carp.c 21 Nov 2017 09:08:55 -0000 1.319
+++ netinet/ip_carp.c 27 Nov 2017 01:29:34 -0000
@@ -2158,9 +2158,8 @@ carp_ioctl(struct ifnet *ifp, u_long cmd
}
carpr.carpr_advbase = sc->sc_advbase;
carpr.carpr_balancing = sc->sc_balancing;
- if (suser(p, 0) == 0)
- bcopy(sc->sc_key, carpr.carpr_key,
- sizeof(carpr.carpr_key));
+ /* do not show any keys to userland */
+ memset(carpr.carpr_key, 0, sizeof(carpr.carpr_key));
carpr.carpr_peer.s_addr = sc->sc_peer.s_addr;
error = copyout(&carpr, ifr->ifr_data, sizeof(carpr));
break;
