cvs commit: src/sbin/ifconfig ifconfig.8 ifconfig.c ifconfig.h ifieee80211.c
Sam Leffler
sam at errno.com
Thu Jul 14 22:14:55 GMT 2005
Robert Watson wrote:
>
> On Thu, 14 Jul 2005, Sam Leffler wrote:
>
>> As to printing sensitive material I question how important this is.
>> If it's a wep key it's trivially cracked by other means. If it's a
>> WPA or 802.1x key then it's rotated frequently and, for WPA at least,
>> protected by additional means that makes grabbing it via screen-scrape
>> much less useful (only the GTK is displayed for WPA, not the PTK which
>> is potentially more sensitive). If you want to improve the situation
>> for disclosing sensitive info then we should work on adding keychain
>> style storage for sensitive info like static keys and wpa-psk's.
>>
>> So I guess my argument against this is you're changing long-standing
>> behaviour w/ little benefit.
>
>
> Sorry about committing it over your objection -- I obviously
> misremembered the degree to which you disagreed with the proposed
> change. I'm willing to back it out, but not happy about the idea.
> Here's my view on things:
>
> Either the key is sensitive, or it's not. If it's not, then why are we
> checking for root privilege? If it is, why are we printing it without
> being asked to?
>
> I'm a fan of the model that says ifconfig(8) manages all the properties
> of the network interface. However, part of ifconfig(8) managing more
> complex properties of those interfaces is that it has to respect the
> sensitivity of the data it handles. This never came up before for
> ifconfig(8) because we didn't consider any of the data it handled
> sensitive. Running "ifconfig" or "ifconfig -a" is a fairly common
> administrator activity to check the configuration of the system. When
> it comes to people looking over your shoulder, scroll-back,
> /var/log/console.log, or dmesg -a output, I would prefer that keying
> material not appear there unless specifically requested.
>
> As to historical behavior -- I've been complaining even since that
> behavior with ifconfig(8) since I first noticed it, as you pointed out.
> I think wicontrol's behavior was improper also, but at least it wasn't
> printed out automatically every time the system booted, or every time I
> check to see if I have an association.

You didn't point out keys were being printed on boot (so it goes in
/var/log/messages etc.). In that case I'm fine with this change.

Sam