11-11-2009, 01:34 AM
Ben Hutchings

Bug#555680: System information in bug reports may be security-sensitive

Package: linux-2.6
Version: 2.6.31-1
Severity: normal
Tags: security

The bug script now offers to include network configuration and status.
The network configuration file /etc/network/interfaces may include
encryption keys for wireless networks, which we should scrub. There
is also a more general problem of sensitive information in the kernel
log, but I'm not sure what we can do about that.

Ben.

-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.31-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



11-19-2009, 01:04 PM
Stefan Lippers-Hollmann

Bug#555680: System information in bug reports may be security-sensitive

Hi

r14441 [1], "hide wireless keys and wake-on-LAN password when including
network configuration in bug reports (bug #555680)".

It is unfortunately not enough to prune "wireless-key" from bugreports, as
wpasupplicant defines additional means to configure passwords for wireless
links[2], namely wpa-psk and wpa-password. Additionally I suggest to prune
commented out lines as well, as these might contain passwords or other
sensitive information and have no relevance for bugreporting.

The attached, valid, /etc/network/interfaces example illustrates the
problem with these means of configuration. The following patch applies to
sid and trunk of linux-2.6 (r14649).

[1] http://svn.debian.org/viewsvn/kernel/dists/sid/linux-2.6/debian/templates/image.plain.bug/include-network?r1=14441&r2=14597
[2] http://svn.debian.org/viewsvn/pkg-wpa/wpasupplicant/trunk/debian/README.Debian?view=markup

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>

Index: debian/templates/image.plain.bug/include-network
================================================== =================
--- debian/templates/image.plain.bug/include-network (revision 14649)
+++ debian/templates/image.plain.bug/include-network (working copy)
@@ -5,7 +5,10 @@
echo '** Network interface configuration:' >&3
# Hide passwords/keys
awk '$1 ~ /^wireless-key/ { gsub(".", "*", $2); }
+ $1 ~ /^wpa-psk/ { gsub(".", "*", $2); }
+ $1 ~ /^wpa-password/ { gsub(".", "*", $2); }
$1 == "ethtool-wol" { gsub(".", "*", $3); }
+ !/^#/
{ print; }
' </etc/network/interfaces >&3
echo >&3
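
Review bot: The added `!/^#/` line stands alone on its line, so awk treats it as a complete pattern-only rule (default action: print) and the `{ print; }` below it as a separate unconditional rule. Non-comment lines are then printed twice and comment lines are still printed once, so commented-out keys stay in the report. Use a leading rule such as `/^[ \t]*#/ { next }` instead, which also covers indented comments that `^#` would miss. Separately, the key rules mask only `$2`, so a wpa-password value containing spaces would leave its remaining words readable; masking every field from 2 to NF would close that.
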
# Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or
# /usr/share/doc/ifupdown/examples for more information.

auto lo
iface lo inet loopback

allow-hotplug eth0
iface eth0 inet dhcp

allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

iface linksys_aes inet dhcp
iface default inet dhcp

auto wlan1
iface wlan1 inet dhcp
wpa-ssid something
wpa-psk 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
# wpa-psk 2123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef

auto wlan2
iface wlan2 inet dhcp
wpa-ssid somethingelse
wpa-password myplaintextpassword
# wpa-password yourplaintextpassword

auto wlan3
iface wlan3 inet dhcp
wireless-essid somethingveryelse
wireless-key mypassword
# wireless-key yourpassword
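
The scrubbing discussed in this thread, as an added example (not the bug script from the linux-2.6 package and not the patch above). It goes a little further than the thread: indented comment lines are dropped and every field after the keyword is masked. The function names and the sample file are made up for the demonstration.

```shell
#!/bin/sh
# Added example, not the bug script shipped in linux-2.6.

# scrub_interfaces: read an interfaces(5) file on stdin, write a copy with
# secrets masked and comment lines removed.
scrub_interfaces() {
    awk '
    # Mask fields from..NF so a passphrase containing spaces is fully covered,
    # then put the original indentation back after awk rebuilds the record.
    function mask(from,   i, indent) {
        if (NF < from) return
        indent = $0; sub(/[^ \t].*$/, "", indent)
        for (i = from; i <= NF; i++) gsub(/./, "*", $i)
        $0 = indent $0
    }
    # Comment lines (indented or not) may hold old keys: drop them.
    /^[ \t]*#/ { next }
    # Same prefix matches as the patch in the thread.
    $1 ~ /^(wireless-key|wpa-psk|wpa-password)/ { mask(2) }
    # ethtool-wol: field 2 is the flag set, the password follows it.
    $1 == "ethtool-wol" { mask(3) }
    { print }
    '
}

# Constructed sample input (all values are made up for the demonstration).
sample_interfaces() {
    cat <<'EOF'
# old key: wpa-psk deadbeef
auto wlan1
iface wlan1 inet dhcp
    wpa-ssid something
    wpa-psk 0123456789abcdef
    # wpa-password previous secret
    wpa-password my plaintext password
    wireless-key s:mypassword
    ethtool-wol g 00:11:22:33:44:55
EOF
}

sample_interfaces | scrub_interfaces
```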
 
