[network-admin] WEP key stored in world-readable /etc/network/interfaces

Considering that WEP is essentially flawed anyway, and that a user logged into
the system can generally access the network (and mount a cleartext attack too),
this doesn't seem like cause for concern. Martin?

Although I agree that this is a problem, I would rather not see
/etc/network/interfaces's readability restricted. We could modify the
wireless-tools package to use a separate wep-keys file for storing WEP
keys and then remove read permission from that. Compare
/etc/ppp/pap-secrets and /etc/waproamd/keys/ in the Debian ppp and
waproamd packages, respectively. This may require changes to the
installer and to any configuration tools that write WEP keys to /e/n/i.

(In reply to comment #1)
> Considering that WEP is essentially flawed anyway, and that a user logged into
> the system can generally access the network (and mount a cleartext attack too),
> this doesn't seem like cause for concern. Martin?

I basically agree. We shouldn't break Hoary that close to the release with doing
such changes. However, I like Thomas' proposal with a separate key file anyway;
sooner or later we have to support WPA too, and will get the same problem. So we
should aim to externalize the key file (if this is relevant to WPA) for Breezy.

Agree.

If possible it would be a nice if the user were warned somewhere (e.g.,
in the release notes) that a WEP key entered in the installer or added
to /e/n/i in some other way is publicly visible.

Regarding the WEP-keys-in-separate-file idea, I just checked the Debian BTS
and found that that idea has already been suggested in #295581 and rejected
there by the Debian maintainer. He wants the user to do this instead:

 pre-up iwconfig $IFACE key `cat keyfile`

Not terribly user-friendly.

*** Bug 20074 has been marked as a duplicate of this bug. ***

*** Bug 22221 has been marked as a duplicate of this bug. ***

This would probably be solved by adding Network Manager and storing the WEP keys in the GNOME Keyring?

s/probably/definitely/ :)

Reassigned to gnome-system-tools; when it adds a key to this file, it should probably change the permissions.

For heaven's sake. This was a one liner bug fix and it's now been how
long since I reported it?
Ian

On 9/6/06, Sebastien Bacher <email address hidden> wrote:
> ** Summary changed:
>
> - WEP key stored in world-readable /etc/network/interfaces
> + [network-admin] WEP key stored in world-readable /etc/network/interfaces
>
> ** Tags added: network-admin
>
> --
> [network-admin] WEP key stored in world-readable /etc/network/interfaces
> https://launchpad.net/bugs/14392
>

please stay correct there is just lot of bugs and fixing them might take some time. If you want to help and make the fix faster feel free to send a patch

The problem here is that a user can connect other machines to the network if they have the WEP key.

potential patch for the issue. The patch change the mod and group when a config is modified, we can make it changing it only when a key is written by using the "key" option

do we want to change that now for edgy or after edgy?

Sebastien Bacher [2006-10-10 22:57 -0000]:
> potential patch for the issue. The patch change the mod and group when a
> config is modified, we can make it changing it only when a key is
> written by using the "key" option

The latter would be preferable IMHO. There's nothing to hide on an
usual desktop.

> do we want to change that now for edgy or after edgy?

It's straightforward and unintrusive, personally I'd like to see it in
Edgy.

Thanks, pitti

Fixed with this upload:

 system-tools-backends (1.9.7-0ubuntu3) edgy; urgency=low
 .
   * debian/patches/01_chmod_network_interfaces_when_using_key.patch:
     - change network interfaces file mode to 640 and the group to "admin"
       when a key is set (Ubuntu: #14392)

The patch used:

diff -Nur system-tools-backends-1.9.7/Network/Ifaces.pm system-tools-backends-1.9.7.new/Network/Ifaces.pm
--- system-tools-backends-1.9.7/Network/Ifaces.pm 2006-10-06 00:16:51.000000000 +0200
+++ system-tools-backends-1.9.7.new/Network/Ifaces.pm 2006-10-11 12:28:42.000000000 +0200
@@ -693,6 +693,17 @@
   return (&get_debian_auto_by_stanza ($file, $iface) ne undef)? 1 : 0;
 }

+sub set_network_config_permission
+{
+ my ($key) = @_;
+
+ if ($key)
+ {
+ chmod 0640, "/etc/network/interfaces";
+ &Utils::File::run ("chgrp admin /etc/network/interfaces");
+ }
+}
+
 sub set_debian_auto
 {
   my ($file, $iface, $value) = @_;
@@ -3099,6 +3110,7 @@
       [ "gateway", \&Utils::Replace::set_interfaces_option_str, [INTERFACES, IFACE], "gateway" ],
       [ "essid", \&Utils::Replace::set_interfaces_option_str, [INTERFACES, IFACE], "wireless-essid" ],
       [ "key", \&Utils::Replace::set_interfaces_option_str, [INTERFACES, IFACE], "wireless-key" ],
+ [ "key", \&set_network_config_permission, "%key%"],
       [ "key_type", \&set_wep_key_full, [ \&Utils::Replace::set_interfaces_option_str, INTERFACES, IFACE, "wireless-key", "%key%" ]],
       # ugly hack for deleting undesired options (due to syntax duality)
       [ "essid", \&Utils::Replace::set_interfaces_option_str, [INTERFACES, IFACE], "wireless_essid", "" ],

Doesn't this introduce a race condition where the key has been updated first and then the file protected? If I understand the code paths correctly, moving the key line up one spot in the table's list should solve this race.

Thank you for the comment Kees, fixed with that upload:

 system-tools-backends (1.9.7-0ubuntu4) edgy; urgency=low
 .
   * debian/patches/01_chmod_network_interfaces_when_using_key.patch:
     - change permission before writting the key,
       thank to Kees Cook for pointing that

Thank you for reporting this bug.

Is this still an issue in gnome-system-tools (Debian)?

Heck if I know... I reported this bug like seven years ago, and haven't used
Debian for a long time.

On Tue, Sep 14, 2010 at 9:42 PM, rusivi1 <email address hidden> wrote:

> Thank you for reporting this bug.
>
> Is this still an issue in gnome-system-tools (Debian)?
>
> ** Changed in: gnome-system-tools (Debian)
> Status: New => Incomplete
>
> --
> [network-admin] WEP key stored in world-readable /etc/network/interfaces
> https://bugs.launchpad.net/bugs/14392
> You received this bug notification because you are a direct subscriber
> of a duplicate bug (29372).
>

I found that after doing a fresh install of 13.10 server, the wpa passphrase for the network used during install was stored in plain text in /etc/network/interfaces and by default the file has 644 permissions.

As stated by the original creator, this is a potential security risk.

against netcfg. Needs testing.

The attachment "proposed patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

I am marking this bug as confirmed because it has been confirmed in many duplicates.