Package: ifupdown
Version: 0.7.45
Severity: grave
Tags: security
Justification: user security hole

I’ve got a configuration snippet in /etc/network/interfaces
(chmod 0600, root-owned) on my work laptop like the following one:

    iface tarent-lan inet dhcp
        wireless-mode Managed
        wireless-essid tarent-lan
        wpa-ssid tarent-lan
        wpa-key-mgmt WPA-EAP
        wpa-identity tglase
        wpa-password xxx

This is for “enterprise” WPA, which was introduced here last week.

Now I normally run “sudo ifup -v wlan0=tarent-lan” to activate it,
but ifupdown then displays the wpa-password in cleartext.

This does *not* happen for “regular” WPA, like this (from FOSDEM):

    iface bruxelles inet dhcp
        wireless-mode Managed
        wireless-essid "HOTEL-BEVERLY-HILLS 3"
        wpa-ssid "HOTEL-BEVERLY-HILLS 3"
        wpa-psk xxx

Please hide this information.

Additionally, it would be very nice if I could write the passwords
(both wpa-psk and wpa-password) into a *separate* file, so access
to /e/n/i needs not to be restricted that much. I’ve not got a good
feeling having my LDAP password be written there in the plaintext…

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.11-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh

Versions of packages ifupdown depends on:
ii  file-rc      0.8.16
ii  initscripts  2.88dsf-43
ii  iproute2     3.11.0-1
ii  libc6        2.17-93
ii  lsb-base     4.1+Debian12

Versions of packages ifupdown recommends:
ii  isc-dhcp-client [dhcp-client]  4.2.4-7

Versions of packages ifupdown suggests:
ii  net-tools  1.60-25
ii  ppp        2.4.5-5.2
pn  rdnssd     <none>

-- no debconf information
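
Added example, not part of the original report and not ifupdown code: a shell sketch of two checks an administrator can run against an interfaces(5)-style file, masking the values of the two options the report names before a stanza is shared, and flagging a file that holds them while accessible to group or other. The function names, the mask string and the sample stanza are constructed for illustration.

```shell
#!/bin/sh
# Added example. The option names are the two named in the report.
SECRET_OPTS='wpa-password|wpa-psk'

# Print an interfaces(5)-style file with secret option values masked,
# keeping indentation and option names so the stanza can be shared.
redact_interfaces() {
    awk -v opts="$SECRET_OPTS" '
        BEGIN { pat = "^[ \t]*(" opts ")[ \t]" }
        $0 ~ pat {
            indent = $0
            sub(/[^ \t].*$/, "", indent)   # keep leading whitespace only
            print indent $1 " ********"
            next
        }
        { print }
    ' "$1"
}

# Return 0 (finding) when the file holds a secret option and its mode
# grants any permission to group or other; return 1 otherwise.
secrets_exposed() {
    grep -Eq "^[[:space:]]*($SECRET_OPTS)[[:space:]]" "$1" || return 1
    perms=$(ls -ld -- "$1" | cut -c5-10)   # group+other bits, e.g. "r--r--"
    [ "$perms" != "------" ]
}

# Demo on a constructed stanza (placeholder values, not real credentials).
demo() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
iface example-lan inet dhcp
    wpa-ssid example-lan
    wpa-key-mgmt WPA-EAP
    wpa-identity someuser
    wpa-password constructed-secret
EOF
    chmod 0644 "$f"
    redact_interfaces "$f"
    if secrets_exposed "$f"; then echo "finding: secrets in a group/other-accessible file" >&2; fi
    rm -f "$f"
}

if [ "$#" -gt 0 ]; then
    redact_interfaces "$1"
    if secrets_exposed "$1"; then echo "finding: $1 is accessible beyond its owner" >&2; fi
else
    demo
fi
```

Run it with a file path as the only argument to check a real configuration; with no argument it runs the constructed demo.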