Red Hat Bugzilla – Bug 73850
neat writes wep key to world-readable file
Last modified: 2008-05-01 11:38:03 EDT
If you configure a wireless interface with neat and set an encryption key, that
key is stored in the world readable file
/etc/sysconfig/network-scripts/ifcfg-eth?. This doesn't exactly live up to
"secure by default".
iwconfig goes to the trouble of not letting mortal users see the encryption key,
but that effort is wasted since the user can just read it out of the network config.
neat should chmod 600 /etc/sysconfig/network-scripts/ifcfg-eth? if it contains
wep keys. Alternately, initscripts handling of wireless devices could be
restructured to hide this info without locking down the whole file (perhaps a
*** Bug 80369 has been marked as a duplicate of this bug. ***
should be fixed in cvs