Red Hat Bugzilla – Full Text Bug Listing
|Summary:||Anaconda makes the user connect to unknown wifi networks automatically|
|Product:||[Fedora] Fedora||Reporter:||Kamil Páral <kparal>|
|Component:||anaconda||Assignee:||Anaconda Maintenance Team <anaconda-maint-list>|
|Status:||CLOSED ERRATA||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Version:||16||CC:||anaconda-maint-list, awilliam, collura, dcbw, jonathan, mads, matt, next.little.owl, robatino, satellitgo, tflink, vanmeeuwen+fedora, vaughn.jayson|
|Fixed In Version:||anaconda-16.25-1.fc16||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2011-11-03 00:59:35 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
Description Kamil Páral 2011-11-02 14:04:23 EDT
Description of problem: When installing Fedora from pxeboot, netinst or DVD with network repositories enabled, NetworkManager tries to automatically connect to unknown wifi networks in the installed system, preferably to those without password. That is caused by the fact that the anaconda installer marks all the available wifi networks during installation as "known". It is easily visible in the nm-connection-editor dialog that pops up before the installation -- all the visible wifi networks are added to Wireless tab. But that means that after the system is installed, all those networks are "known/trusted" and NM connects to them automatically. I believe this is a quite serious security issue, because the user can be connected to an untrusted third-party wifi network without knowing it and his/her private data sent over that network. Note: In the installer I canceled anaconda's request to connect to a wifi network. Nevertheless all available wifi networks were added to NM. This does not happen with default DVD or Live install, because it doesn't use network repositories by default. In that case the system doesn't try to connect to unknown wifi networks, because the Wireless tab in nm-connection-editor is completely empty. Version-Release number of selected component (if applicable): Fedora 16 RC4 anaconda-16.24 How reproducible: always Steps to Reproduce: 1. Install from pxeboot, netinst or DVD with network repositories enabled 2. Cancel the request to connect to a wifi network 3. Observe Wireless tab, all wifi networks around you were added to it 4. Install 5. Observe that the system automatically connects to any wifi network listed in the Wireless tab in nm-connection-editor, preferably to those without a password 6. Send over your Facebook password and soon you'll know whether someone was listening
Comment 1 Adam Williamson 2011-11-02 14:10:48 EDT
proposing as blocker for discussion during go/no-go meeting. can you check if f15 behaves the same way? -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
Comment 2 Kamil Páral 2011-11-02 15:07:11 EDT
In Fedora 15 the behavior is different. Into the Wireless tab in nm-connection-editor is automatically added only one wifi network (as opposed to all visible networks in Fedora 16). That is the one that was proposed to me during the installation as the default one to connect to (I cancelled that request). After system is installed it does not try to connect to that single wifi network. I don't whether that is caused by the fact that that single wifi network is WPA2 protected or by the fact that "Connect automatically" is not checked in its preferences. I'll install F16 again to know more and be able to compare.
Comment 3 Kamil Páral 2011-11-02 15:27:39 EDT
So, in F16 I have ~ 10 wifi connections added to Wireless tab in nm-connection-editor and all of them have "Connect automatically" checked. The system really tries to connect to some of them (it seems only to those password-less). It's probably safe to say that F15 was not affected by this issue (one wifi added, but not set to auto-connect), F16 is (many wifis added, all set to auto-connect).
Comment 4 satellitgo 2011-11-02 15:50:01 EDT
Fedora-16-RC3-x86_64-netinst.iso Acer Aspire One N450 with external CD/DVD writer CD boot to anaconda 16.24 Use whole disk [non lvm] I did not use [configure networks] link in anaconda formatted HD then asked to connect to wired and then wireless canceled got pop up: "No Network Available" "Some of your software repositories require networking. but there was an error enabling the network on your system" [exit installer] So I do not see this bugs behavior on RC3 netinst.iso
Comment 5 Dan Williams 2011-11-02 16:50:32 EDT
NM itself won't ever create network configs it's not told to create (except for a default wired/ethernet connection if there are no others), so NM won't ever connect to wifi networks that something else (the user or a program) hasn't told NM to connect to before. But it looks like anaconda is doing something like this here. See pyanaconda/gui.py: # we might want to do this only once if self.anaconda.network.hasWirelessDev(): # NOTE: For wireless, we need supplicant to go to ready state, # that means to get the wireless device managed by NM self.anaconda.network.writeIfcfgFiles() w = self.anaconda.intf.waitWindow(_("Wireless setup"), _("Scanning access points for wireless devices")) # get available wireless APs dev_all_ssids = self.anaconda.network.getSSIDs() w.pop() # select wireless APs dev_ssids = selectSSIDsDialog(dev_all_ssids) or dev_all_ssids self.anaconda.network.writeSSIDifcfgs(dev_ssids) which grabs a list of all SSIDs that NM can see and apparently writes configuration out for every one of them. That's pretty wrong. I'm not sure what it's trying to accomplish here, but if anaconda is going to let users install or set up wifi connections, it should ask the user which specific wifi network they'd like to use, instead of adding config for every known wifi network, which as you've seen is a security risk. So the question here is: what is the expected anaconda behavior for wifi and what exactly is that block of gui.py attempting to accomplish?
Comment 6 Adam Williamson 2011-11-02 16:58:59 EDT
Thanks, Dan. Most of that code block has been around since April 2010, but the last line, which writes out configs for all the SSIDs (by the looks of it): self.anaconda.network.writeSSIDifcfgs(dev_ssids) was added in: commit fbbc92b1fc7ab0143015ab5a5ed5c06a373abd9c Author: Vratislav Podzimek <email@example.com> Date: Tue Jun 7 12:18:08 2011 +0200 changes needed to have per-connection ifcfg files for wifi connections Proposed in this thread: https://www.redhat.com/archives/anaconda-devel-list/2011-June/msg00042.html doesn't seem to have been reviewed by anyone. -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
Comment 7 satellitgo 2011-11-02 17:09:03 EDT
Created attachment 531453 [details] when [Configure Wireless] is clicked and then canceled in netinstRC3 anaconda
Comment 8 satellitgo 2011-11-02 17:11:12 EDT
(In reply to comment #7) > Created attachment 531453 [details] > when [Configure Wireless] is clicked and then canceled in netinstRC3 anaconda Comment 4: Fedora-16-RC3-x86_64-netinst.iso Acer Aspire One N450 with external CD/DVD writer CD boot to anaconda 16.24 Use whole disk [non lvm] I did not use [configure networks] link in anaconda formatted HD then asked to connect to wired and then wireless canceled got pop up: "No Network Available" "Some of your software repositories require networking. but there was an error enabling the network on your system" [exit installer] So I do not see this bugs behavior on RC3 netinst.iso [Configure Wireless] is clicked and then canceled in netinstRC3 anaconda the whole list of wireless are configured
Comment 9 Kamil Páral 2011-11-02 17:42:30 EDT
Attachment 531453 [details] confirms exactly what I have seen. After anaconda asks what wifi to connect to (and I cancelled that request every time), nm-connection-editor pops up and the Wireless tab is heavily populated, just as in the screenshot by satellit. These settings are then transferred to the final system installation.
Comment 10 Brian Lane 2011-11-02 18:50:23 EDT
Created attachment 531461 [details] patch To reproduce you need to cancel when it asks what wifi to use, this is a dialog after it asks which device and before the NM dialog. This patch: http://bcl.fedorapeople.org/updates/750896.img fixes things for me. It removes the code that passes all the ssid's if cancel is hit on that dialog. Instead it doesn't write any ifcfg files for ssids. It is a bit tricky to test since you generally need networking up to fetch the update. I hand-patched things from tty2 while loader was asking for the keyboard (this is before anaconda itself is started). I'll attach the patch.
Comment 11 Adam Williamson 2011-11-02 20:39:00 EDT
my vote is -1 blocker +1 nth given our understanding, we should pull this into rc5. -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
Comment 12 Jayson Vaughn 2011-11-02 20:58:24 EDT
I reproduced's Brian patch by also hand typing out the changes from tty2 before anaconda loads. I hit cancel and none of the wireless ifcfg scripts were created. This seems to work for me. I second -1 blocker +1 nth now. -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
Comment 13 Tim Flink 2011-11-02 21:11:30 EDT
I manually entered the patch from c#10 on tty2 as anaconda started. I hit cancel when asked to choose a wireless AP and no wireless networks are enabled after installation. I third -1 blocker +1 nth That makes for -3 blocker +3 nth, changing to RejectedBlocker, AcceptedNTH
Comment 14 Fedora Update System 2011-11-02 21:14:50 EDT
anaconda-16.25-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/anaconda-16.25-1.fc16
Comment 15 Fedora Update System 2011-11-03 00:59:35 EDT
anaconda-16.25-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
Comment 16 Kamil Páral 2011-11-03 03:59:46 EDT
Fix confirmed in RC5.
Comment 17 Václav Mocek 2011-11-03 08:12:38 EDT
I can confirm, that it was fixed. I was able to reproduce it in RC3 and RC5 works just fine.