[network-admin] WEP key stored in world-readable /etc/network/interfaces

Bug #14392 reported by Norbert Kiesel
This bug affects 3 people
Affects                       Status         Importance   Assigned to           Milestone
gnome-system-tools (Debian)   Incomplete     Undecided    Unassigned
gnome-system-tools (Ubuntu)   Fix Released   High         Ubuntu Desktop Bugs
netcfg (Ubuntu)               Confirmed      Undecided    Unassigned

Bug Description

The WEP key is stored in cleartext in /etc/network/interfaces and the file has
mode 644.
I'd consider this a security breach.

Matt Zimmerman (mdz) wrote :

Considering that WEP is essentially flawed anyway, and that a user logged into
the system can generally access the network (and mount a cleartext attack too),
this doesn't seem like cause for concern. Martin?

Thomas Hood (jdthood) wrote :

Although I agree that this is a problem, I would rather not see
/etc/network/interfaces's readability restricted. We could modify the
wireless-tools package to use a separate wep-keys file for storing WEP
keys and then remove read permission from that. Compare
/etc/ppp/pap-secrets and /etc/waproamd/keys/ in the Debian ppp and
waproamd packages, respectively. This may require changes to the
installer and to any configuration tools that write WEP keys to /e/n/i.

Martin Pitt (pitti) wrote :

(In reply to comment #1)
> Considering that WEP is essentially flawed anyway, and that a user logged into
> the system can generally access the network (and mount a cleartext attack too),
> this doesn't seem like cause for concern. Martin?

I basically agree. We shouldn't break Hoary that close to the release with doing
such changes. However, I like Thomas' proposal with a separate key file anyway;
sooner or later we have to support WPA too, and will get the same problem. So we
should aim to externalize the key file (if this is relevant to WPA) for Breezy.

Thomas Hood (jdthood) wrote :

Agree.

If possible it would be nice if the user were warned somewhere (e.g.,
in the release notes) that a WEP key entered in the installer or added
to /e/n/i in some other way is publicly visible.

Thomas Hood (jdthood) wrote :

Regarding the WEP-keys-in-separate-file idea, I just checked the Debian BTS
and found that that idea has already been suggested in #295581 and rejected
there by the Debian maintainer. He wants the user to do this instead:

 pre-up iwconfig $IFACE key `cat keyfile`

Not terribly user-friendly.
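
An added example, not part of this thread or of any package discussed in it: a check that flags an interfaces file holding an inline wireless secret while everyone can read it, and that accepts the key-file form quoted above. The function names and the sample file are constructed; `wpa-psk` and `wpa-passphrase` are assumed option names from the wpasupplicant ifupdown hooks.

```shell
#!/bin/sh
# Added example: flag an ifupdown file that holds an inline wireless secret
# while "other" can read it. wireless-key is the option named in this thread;
# wpa-psk and wpa-passphrase are assumed names from the wpasupplicant hooks.

# Print "iface<TAB>option" for each inline secret; the value is never printed.
# A "pre-up iwconfig ... `cat keyfile`" line is not matched: its first word is
# pre-up and the secret lives in the separate key file.
inline_secrets() {
    awk '
        $1 ~ /^#/     { next }
        $1 == "iface" { cur = $2; next }
        NF >= 2 && $1 ~ /^(wireless[-_]key[0-9]*|wpa-psk|wpa-passphrase)$/ {
            printf "%s\t%s\n", cur, $1
        }
    ' "$1"
}

# Return 1 if the file holds an inline secret and is world-readable, else 0.
audit_interfaces() {
    hits=$(inline_secrets "$1")
    [ -n "$hits" ] || return 0
    # find prints the path only when the o+r permission bit is set
    [ -n "$(find "$1" -perm -0004 -print)" ] || return 0
    printf '%s: world-readable, inline secret in:\n%s\n' "$1" "$hits" >&2
    return 1
}

# Constructed sample (not from a real system): one inline key, one key-file stanza.
sample=$(mktemp)
cat > "$sample" <<'EOF'
iface wlan0 inet dhcp
    wireless-essid example-net
    wireless-key s:CONSTRUCTED-KEY
iface wlan1 inet dhcp
    pre-up iwconfig $IFACE key `cat keyfile`
EOF
chmod 0644 "$sample"
audit_interfaces "$sample" || echo "exposed at mode 0644"
chmod 0640 "$sample"
audit_interfaces "$sample" && echo "acceptable at mode 0640"
rm -f "$sample"
```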

Martin Pitt (pitti) wrote :

*** Bug 20074 has been marked as a duplicate of this bug. ***

Matt Zimmerman (mdz) wrote :

*** Bug 22221 has been marked as a duplicate of this bug. ***

Scott James Remnant (Canonical) (canonical-scott) wrote :

This would probably be solved by adding Network Manager and storing the WEP keys in the GNOME Keyring?

Dennis Kaarsemaker (dennis) wrote :

s/probably/definitely/ :)

Matt Zimmerman (mdz) wrote :

Reassigned to gnome-system-tools; when it adds a key to this file, it should probably change the permissions.

isoboroff (isoboroff) wrote : Re: [Bug 14392] Re: [network-admin] WEP key stored in world-readable /etc/network/interfaces

For heaven's sake. This was a one liner bug fix and it's now been how
long since I reported it?
Ian

On 9/6/06, Sebastien Bacher <email address hidden> wrote:
> ** Summary changed:
>
> - WEP key stored in world-readable /etc/network/interfaces
> + [network-admin] WEP key stored in world-readable /etc/network/interfaces
>
> ** Tags added: network-admin
>
> --
> [network-admin] WEP key stored in world-readable /etc/network/interfaces
> https://launchpad.net/bugs/14392
>

Martin Pitt (pitti)
Changed in gnome-system-tools:
assignee: pitti → nobody
Sebastien Bacher (seb128) wrote :

Please stay correct; there are just a lot of bugs and fixing them might take some time. If you want to help and make the fix faster, feel free to send a patch.

Changed in gnome-system-tools:
assignee: nobody → desktop-bugs
importance: Medium → High
Caroline Ford (secretlondon) wrote :

The problem here is that a user can connect other machines to the network if they have the WEP key.

Sebastien Bacher (seb128) wrote :

Potential patch for the issue. The patch changes the mode and group when a config is modified; we can make it change them only when a key is written by using the "key" option.

Do we want to change that now for edgy or after edgy?

Martin Pitt (pitti) wrote :

Sebastien Bacher [2006-10-10 22:57 -0000]:
> potential patch for the issue. The patch change the mod and group when a
> config is modified, we can make it changing it only when a key is
> written by using the "key" option

The latter would be preferable IMHO. There's nothing to hide on a
usual desktop.

> do we want to change that now for edgy or after edgy?

It's straightforward and unintrusive, personally I'd like to see it in
Edgy.

Thanks, pitti

Sebastien Bacher (seb128) wrote :

Fixed with this upload:

 system-tools-backends (1.9.7-0ubuntu3) edgy; urgency=low
 .
   * debian/patches/01_chmod_network_interfaces_when_using_key.patch:
     - change network interfaces file mode to 640 and the group to "admin"
       when a key is set (Ubuntu: #14392)

The patch used:

diff -Nur system-tools-backends-1.9.7/Network/Ifaces.pm system-tools-backends-1.9.7.new/Network/Ifaces.pm
--- system-tools-backends-1.9.7/Network/Ifaces.pm 2006-10-06 00:16:51.000000000 +0200
+++ system-tools-backends-1.9.7.new/Network/Ifaces.pm 2006-10-11 12:28:42.000000000 +0200
@@ -693,6 +693,17 @@
   return (&get_debian_auto_by_stanza ($file, $iface) ne undef)? 1 : 0;
 }

+sub set_network_config_permission
+{
+ my ($key) = @_;
+
+ if ($key)
+ {
+ chmod 0640, "/etc/network/interfaces";
+ &Utils::File::run ("chgrp admin /etc/network/interfaces");
+ }
+}
+
 sub set_debian_auto
 {
   my ($file, $iface, $value) = @_;
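
Review bot: set_network_config_permission ignores the result of both chmod and the chgrp run through Utils::File::run, so a failure (for example when no "admin" group exists) passes silently and leaves the file at mode 0640 with its previous group. Check both results and report a failure; Perl's built-in chown with getgrnam would also avoid spawning a command. The path "/etc/network/interfaces" is hard-coded here although the neighbouring set_debian_auto takes $file as a parameter, so passing the file in would keep the two in step.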
@@ -3099,6 +3110,7 @@
       [ "gateway", \&Utils::Replace::set_interfaces_option_str, [INTERFACES, IFACE], "gateway" ],
       [ "essid", \&Utils::Replace::set_interfaces_option_str, [INTERFACES, IFACE], "wireless-essid" ],
       [ "key", \&Utils::Replace::set_interfaces_option_str, [INTERFACES, IFACE], "wireless-key" ],
+ [ "key", \&set_network_config_permission, "%key%"],
       [ "key_type", \&set_wep_key_full, [ \&Utils::Replace::set_interfaces_option_str, INTERFACES, IFACE, "wireless-key", "%key%" ]],
       # ugly hack for deleting undesired options (due to syntax duality)
       [ "essid", \&Utils::Replace::set_interfaces_option_str, [INTERFACES, IFACE], "wireless_essid", "" ],
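
Review bot: the added [ "key", \&set_network_config_permission, "%key%"] entry sits after the "key" entry that writes wireless-key, so if the table is applied top to bottom the key is written before the file's mode and group have been changed. Move the permission entry above the wireless-key entry so the file is restricted first and the secret is written second.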

Changed in gnome-system-tools:
status: Confirmed → Fix Released
Kees Cook (kees) wrote :

Doesn't this introduce a race condition where the key has been updated first and then the file protected? If I understand the code paths correctly, moving the key line up one spot in the table's list should solve this race.

Sebastien Bacher (seb128) wrote :

Thank you for the comment Kees, fixed with that upload:

 system-tools-backends (1.9.7-0ubuntu4) edgy; urgency=low
 .
   * debian/patches/01_chmod_network_interfaces_when_using_key.patch:
     - change permission before writting the key,
       thank to Kees Cook for pointing that
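
An added example, not the code from system-tools-backends: the ordering discussed above (restrict first, write the key second) as a shell helper that prepares an empty file with the final mode and group, fills it, and only then renames it over the target. `write_restricted`, the scratch paths and the use of the caller's own group in place of "admin" are assumptions for illustration.

```shell
#!/bin/sh
# Added example: apply the restrictive mode and group first, write the secret second.

# write_restricted DEST GROUP < content
# Hypothetical helper: the content never exists in a file that "other" can read.
write_restricted() {
    dest=$1
    group=$2
    # mktemp creates the file with mode 0600, in the same directory as DEST so
    # the final mv is a rename within one filesystem.
    tmp=$(mktemp "$(dirname "$dest")/.tmp.XXXXXX") || return 1
    # Ownership and mode are settled while the file is still empty.
    if ! chgrp "$group" "$tmp" || ! chmod 0640 "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    # Only now does the secret-bearing content (read from stdin) reach the disk.
    if ! cat > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    # Replace DEST in one step: readers see the old file or the new one, never
    # a new key under the old permissions.
    mv -f "$tmp" "$dest"
}

# Constructed demo in a scratch directory; the caller's own numeric group id
# stands in for "admin".
demo_dir=$(mktemp -d)
printf 'iface wlan0 inet dhcp\n' > "$demo_dir/interfaces"
chmod 0644 "$demo_dir/interfaces"
printf 'iface wlan0 inet dhcp\n    wireless-key s:CONSTRUCTED-KEY\n' |
    write_restricted "$demo_dir/interfaces" "$(id -g)"
ls -l "$demo_dir/interfaces"
rm -rf "$demo_dir"
```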

Matthew Woerly (nattgew)
Changed in wireless-tools:
status: New → Confirmed
status: Confirmed → Invalid
rusivi2 (rusivi2-deactivatedaccount) wrote :

Thank you for reporting this bug.

Is this still an issue in gnome-system-tools (Debian)?

Changed in gnome-system-tools (Debian):
status: New → Incomplete
isoboroff (isoboroff) wrote :

Heck if I know... I reported this bug like seven years ago, and haven't used
Debian for a long time.

On Tue, Sep 14, 2010 at 9:42 PM, rusivi1 <email address hidden> wrote:

> Thank you for reporting this bug.
>
> Is this still an issue in gnome-system-tools (Debian)?
>
> ** Changed in: gnome-system-tools (Debian)
> Status: New => Incomplete
>
> --
> [network-admin] WEP key stored in world-readable /etc/network/interfaces
> https://bugs.launchpad.net/bugs/14392
> You received this bug notification because you are a direct subscriber
> of a duplicate bug (29372).
>

Jeremy Loffredo (tarnishednite) wrote :

I found that after doing a fresh install of 13.10 server, the WPA passphrase for the network used during install was stored in plain text in /etc/network/interfaces and by default the file has 644 permissions.

As stated by the original creator, this is a potential security risk.

Ritesh Khadgaray (khadgaray) wrote :

against netcfg. Needs testing.

affects: wireless-tools (Ubuntu) → netcfg (Ubuntu)
Changed in netcfg (Ubuntu):
status: Invalid → New
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "proposed patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Thomas Hotz (thotz-deactivatedaccount) wrote :

I am marking this bug as confirmed because it has been confirmed in many duplicates.

Changed in netcfg (Ubuntu):
status: New → Confirmed