From: Sam Leffler
Date: Thu, 14 Jul 2005 15:19:57 -0700
To: Robert Watson
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sbin/ifconfig ifconfig.8 ifconfig.c ifconfig.h ifieee80211.c

Robert Watson wrote:
>
> On Thu, 14 Jul 2005, Sam Leffler wrote:
>
>> As to printing sensitive material I question how important this is.
>> If it's a wep key it's trivially cracked by other means.
>> If it's a WPA or 802.1x key then it's rotated frequently and, for WPA
>> at least, protected by additional means that makes grabbing it via
>> screen-scrape much less useful (only the GTK is displayed for WPA, not
>> the PTK which is potentially more sensitive). If you want to improve
>> the situation for disclosing sensitive info then we should work on
>> adding keychain style storage for sensitive info like static keys and
>> wpa-psk's.
>>
>> So I guess my argument against this is you're changing long-standing
>> behaviour w/ little benefit.
>
>
> Sorry about committing it over your objection -- I obviously
> misremembered the degree to which you disagreed with the proposed
> change. I'm willing to back it out, but not happy about the idea.
> Here's my view on things:
>
> Either the key is sensitive, or it's not. If it's not, then why are we
> checking for root privilege? If it is, why are we printing it without
> being asked to?
>
> I'm a fan of the model that says ifconfig(8) manages all the properties
> of the network interface. However, part of ifconfig(8) managing more
> complex properties of those interfaces is that it has to respect the
> sensitivity of the data it handles. This never came up before for
> ifconfig(8) because we didn't consider any of the data it handled
> sensitive. Running "ifconfig" or "ifconfig -a" is a fairly common
> administrator activity to check the configuration of the system. When
> it comes to people looking over your shoulder, scroll-back,
> /var/log/console.log, or dmesg -a output, I would prefer that keying
> material not appear there unless specifically requested.
>
> As to historical behavior -- I've been complaining even since that
> behavior with ifconfig(8) since I first noticed it, as you pointed out.
> I think wicontrol's behavior was improper also, but at least it wasn't
> printed out automatically every time the system booted, or every time I
> check to see if I have an association.

You didn't point out keys were being printed on boot (so it goes in
/var/log/messages etc.). In that case I'm fine with this change.

	Sam