Bug 73850 - neat writes wep key to world-readable file
Summary: neat writes wep key to world-readable file
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: redhat-config-network
Version: 8.0
Hardware: i386
OS: Linux
high
medium
Target Milestone: ---
Assignee: Harald Hoyer
QA Contact:
URL:
Whiteboard:
: 80369 (view as bug list)
Depends On:
Blocks: 79579 81720
TreeView+ depends on / blocked
 
Reported: 2002-09-12 07:18 UTC by Mike McLean
Modified: 2008-05-01 15:38 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2003-02-04 16:11:32 UTC
Embargoed:

Attachments (Terms of Use)

Description Mike McLean 2002-09-12 07:18:18 UTC 
* initscripts-6.95-1
* redhat-config-network-1.1.20-1

If you configure a wireless interface with neat and set an encryption key, that
key is stored in the world readable file
/etc/sysconfig/network-scripts/ifcfg-eth?. This doesn't exactly live up to
"secure by default".  

iwconfig goes to the trouble of not letting mortal users see the encryption key,
but that effort is wasted since the user can just read it out of the network config.

neat should chmod 600 /etc/sysconfig/network-scripts/ifcfg-eth? if it contains
wep keys.  Alternately, initscripts handling of wireless devices could be
restructured to hide this info without locking down the whole file (perhaps a
file ifshadow.eth?).
Comment 1 Mike McLean 2003-01-02 20:26:50 UTC 
*** Bug 80369 has been marked as a duplicate of this bug. ***
Comment 2 Harald Hoyer 2003-02-04 16:11:32 UTC 
should be fixed in cvs
Note You need to log in before you can comment on or make changes to this bug.