[pkg-wpa-devel] Bug#428620: Bug#428620: Conflicting advice regarding security

Loye Young loye.young at iycc.net
Wed Jul 4 03:43:49 UTC 2007 

On Tuesday, July 3, 2007 5:14:29 pm Kel Modderman wrote:
>
> Does the emphasis on "waaayyyyy" indicate you want it moved somewhere else?
My personal feeling is that it should be in a more natural place to look for 
it, and that security issues should be more prominent. At the bottom of a 
file dealing with modes of operation seems not intuitive. Why not just give 
the security issues their own README.security (or similar)?

> We'd have to provide the generic group "wheel" too. I think that is not
> going to happen.
I was of course using the example the documentation provided. Perhaps creating 
a group "wireless" might not be a terrible idea, though. 
>
> README.modes suggests perms of 0600 because it describes use cases where
> wpa_supplicant is started as system daemon (by root) only.
Yes, that's right. The question is "What should be the recommended security 
precautions?" Once that's decided, sensible defaults should be set up and the 
documentation conformed. 

I see three options: 
(1) Set file permissions to 660 as default, with owner=root and group=root. 
Run as a system daemon, it would operate the same as 600. Run as a user 
application with a special group for wireless users, as the documentation 
suggests, it would automatically work when the sys admin followed the 
directions. 
(2) Keep file permissions the way they are, but add lingo to the documentation 
telling the sys admin to change the file permissions if he wants to allow one 
or more users to configure wireless without giving them su powers. 
(3) Set file permissions to 660, owner=root, group=wireless. Run as a system 
daemon, without any user in the wireless group, it's the same as 600. If the 
sys admin wants one or more users to be able to configure the wireless 
connection, he simply adds the users to the wireless group. 

My choice is number 3. Carrying a laptop around inevitably requires 
configuring the wireless settings for various local wireless network, and 
it's hard to predict in advance what is going to be required. Inevitably, the 
sys admin will have to give some sort of enhanced privileges to the user 
carrying the laptop. If the sys admin and the user are the same person, our 
buddy sudo does the trick and it's no big deal. But if the sys admin is in 
the IT department and the user is some salesman or consultant schlepping 
around in hotels and airports, the better part of valor would be to set up a 
wireless group and put the hapless users in that group. Option 3 would be a 
sensible default for file permissions, and reduce the number of configuration 
steps, no matter what the sys admin decided.

To carry it a step farther, the install script could ask which users should be 
in the "wireless" group, providing a list of users to select among.

>
> Thanks, Kel.
Thank YOU! 

Loye Young

More information about the Pkg-wpa-devel mailing list