On Mon, Nov 27 2017, Stefan Sperling <s...@stsp.name> wrote: > On Mon, Nov 27, 2017 at 02:33:59AM +0100, Stefan Sperling wrote: >> Most people I've talked to seem to be OK with never exposing >> these secrets to userland in the first place.
Makes sense. > Better diff for the wireless part. > WEP keys showed up as 0x00000... instead of '<not displayed>' in > the previous diff. Yep. ifconfig(8) already handles EPERM properly. We can also kill dead code in ifconfig(8) (see diff below). I guess that a bunch of wireless management scripts, which parse the output of ifconfig(8) ran as root, won't expect the <> notation, but we can live with this IMO. ok jca@ (carp, sppp + revised 80211 changes)
Index: ifconfig.c
===================================================================
RCS file: /d/cvs/src/sbin/ifconfig/ifconfig.c,v
retrieving revision 1.351
diff -u -p -p -u -r1.351 ifconfig.c
--- ifconfig.c 17 Nov 2017 18:04:51 -0000 1.351
+++ ifconfig.c 27 Nov 2017 18:56:12 -0000
@@ -2124,70 +2124,12 @@ ieee80211_status(void)
 }
 }
- if (inwkey == 0 && nwkey.i_wepon > IEEE80211_NWKEY_OPEN) {
- fputs(" nwkey ", stdout);
- /* try to retrieve WEP keys */
- for (i = 0; i < IEEE80211_WEP_NKID; i++) {
- nwkey.i_key[i].i_keydat = keybuf[i];
- nwkey.i_key[i].i_keylen = sizeof(keybuf[i]);
- }
- if (ioctl(s, SIOCG80211NWKEY, (caddr_t)&nwkey) == -1) {
- fputs("<not displayed>", stdout);
- } else {
- nwkey_verbose = 0;
- /*
- * check to see non default key
- * or multiple keys defined
- */
- if (nwkey.i_defkid != 1) {
- nwkey_verbose = 1;
- } else {
- for (i = 1; i < IEEE80211_WEP_NKID; i++) {
- if (nwkey.i_key[i].i_keylen != 0) {
- nwkey_verbose = 1;
- break;
- }
- }
- }
- /* check extra ambiguity with keywords */
- if (!nwkey_verbose) {
- if (nwkey.i_key[0].i_keylen >= 2 &&
- isdigit((unsigned char)nwkey.i_key[0].i_keydat[0]) &&
- nwkey.i_key[0].i_keydat[1] == ':')
- nwkey_verbose = 1;
- else if (nwkey.i_key[0].i_keylen >= 7 &&
- strncasecmp("persist",
- (char *)nwkey.i_key[0].i_keydat, 7) == 0)
- nwkey_verbose = 1;
- }
- if (nwkey_verbose)
- printf("%d:", nwkey.i_defkid);
- for (i = 0; i < IEEE80211_WEP_NKID; i++) {
- if (i > 0)
- putchar(',');
- if (nwkey.i_key[i].i_keylen < 0) {
- fputs("persist", stdout);
- } else {
- /*
- * XXX
- * sanity check nwkey.i_key[i].i_keylen
- */
- print_string(nwkey.i_key[i].i_keydat,
- nwkey.i_key[i].i_keylen);
- }
- if (!nwkey_verbose)
- break;
- }
- }
- }
+ if (inwkey == 0 && nwkey.i_wepon > IEEE80211_NWKEY_OPEN)
+ fputs(" nwkey <not displayed>", stdout);
+
+ if (ipsk == 0 && psk.i_enabled)
+ fputs(" wpakey <not displayed>", stdout);
- if (ipsk == 0 && psk.i_enabled) {
- fputs(" wpakey ", stdout);
- if (psk.i_enabled == 2)
- fputs("<not displayed>", stdout);
- else
- print_string(psk.i_psk, sizeof(psk.i_psk));
- }
 if (iwpa == 0 && wpa.i_enabled) {
 const char *sep;
-- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
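Review bot: After this hunk the locals that only fed the removed WEP-key loop, `keybuf`, `nwkey_verbose` and possibly `i`, appear to be left unused in ieee80211_status(). Their declarations sit above the visible lines and the diff has no hunk for them, so they should be dropped in the same change if nothing else in the function uses them; that would also remove the last buffer in ifconfig(8) sized to receive WEP key bytes. The two new `fputs` calls would benefit from a short comment such as `/* Key material is never printed; only report that a key is configured. */`, since the old `psk.i_enabled == 2` distinction is gone and the reason is not obvious from the code. `psk` is presumably still filled by an ioctl earlier in the function, so confidentiality depends on the kernel side no longer returning `i_psk`, not on this hunk.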