[pkg-wpa-devel] Bug#382241: wpasupplicant: Please enforce tight
permissions on /etc/network/interfaces
Christoph Biedl
cbiedl at gmx.de
Wed Aug 9 17:14:39 UTC 2006
Package: wpasupplicant
Version: 0.5.4-2
Severity: wishlist
Quite some time ago wpasupplicant became configurable via
/etc/network/interfaces (/e/n/i). Thanks a lot for that, this was a big
improvement since it drastically eased the configuration.
However I'm a bit concerned since /e/n/i usually has 644 permissions, in
other words: Every user on that computer can read the credentials for
e.g. WPA authentification. Although we can assume wpasupplicant is
mostly used on notebook where just one user account and that user has
root access, too - I think it's wise to a "Better safe then sorry" here.
If you agree:
* In postinst: Check whether /e/n/i permissions are 660 or tighter and
offer to fix them if required.
* If wpasupplicant reads credentials from /e/n/i and finds loose
permissions: Print a warning message on the console or at least via
syslog.
Thanks,
Christoph
More information about the Pkg-wpa-devel
mailing list