Bug 73850 - neat writes wep key to world-readable file
neat writes wep key to world-readable file
Product: Red Hat Linux
Classification: Retired
Component: redhat-config-network (Show other bugs)
i386 Linux
high Severity medium
: ---
: ---
Assigned To: Harald Hoyer
: Security
: 80369 (view as bug list)
Depends On:
Blocks: 79579 81720
  Show dependency treegraph
Reported: 2002-09-12 03:18 EDT by Mike McLean
Modified: 2008-05-01 11:38 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-02-04 11:11:32 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Mike McLean 2002-09-12 03:18:18 EDT
* initscripts-6.95-1
* redhat-config-network-1.1.20-1

If you configure a wireless interface with neat and set an encryption key, that
key is stored in the world readable file
/etc/sysconfig/network-scripts/ifcfg-eth?. This doesn't exactly live up to
"secure by default".  

iwconfig goes to the trouble of not letting mortal users see the encryption key,
but that effort is wasted since the user can just read it out of the network config.

neat should chmod 600 /etc/sysconfig/network-scripts/ifcfg-eth? if it contains
wep keys.  Alternately, initscripts handling of wireless devices could be
restructured to hide this info without locking down the whole file (perhaps a
file ifshadow.eth?).
Comment 1 Mike McLean 2003-01-02 15:26:50 EST
*** Bug 80369 has been marked as a duplicate of this bug. ***
Comment 2 Harald Hoyer 2003-02-04 11:11:32 EST
should be fixed in cvs

Note You need to log in before you can comment on or make changes to this bug.