You are not logged in.

#1 2010-03-21 16:53:41

Nareto
Member
From: Pisa,Italy
Registered: 2009-07-18
Posts: 148

netcfg: passwords are stored in plain text

Hello, am i the only one whom seems a security issue that netcfg stores passwords for wireless networks in plain text in /etc/network.d ? By default permissions are such that any user can read them, shouldn't this be a problem?
I'm the only user on my computer; I was just wondering if this is a good practice.

Offline

#2 2010-03-21 18:13:03

pointone
Wiki Admin
From: Waterloo, ON
Registered: 2008-02-21
Posts: 379

Re: netcfg: passwords are stored in plain text

This is noted on the wiki: Netcfg#Configuration

chmod 0600 /etc/network.d/mynetwork

M*cr*s*ft: Who needs quality when you have marketing?

Offline

#3 2010-03-21 18:16:34

Pank
Member
From: IT
Registered: 2009-06-13
Posts: 371

Re: netcfg: passwords are stored in plain text

You could change permission if it bothers you. wpa_passphrase is also an option. I don't know how safe it is though. . .

Whether it is good practice: I simply don't know . . .

--Rasmus


Arch x64 on Thinkpad X200s/W530

Offline

#4 2010-03-21 18:27:26

Nareto
Member
From: Pisa,Italy
Registered: 2009-07-18
Posts: 148

Re: netcfg: passwords are stored in plain text

thanks for the chmod from the wiki, I'll do that. Still I wonder if they shouldn't be crypted someway, but I guess it's not possible since the system needs to know them somehow when it connects (so even if they were crypted there should be a way to decrypt them, which doesn't really solve the problem).

Offline

#5 2010-03-21 19:00:20

Daenyth
Forum Fellow
From: Boston, MA
Registered: 2008-02-24
Posts: 1,244

Re: netcfg: passwords are stored in plain text

How do you think the other things like network manager or wicd do it? "Save password" is the same no matter what.... And additionally, there are no "default" permissions for profiles as those are entirely user-generated

Offline

#6 2010-03-21 21:53:01

Surgat_
Member
Registered: 2007-08-08
Posts: 317

Re: netcfg: passwords are stored in plain text

Daenyth wrote:

How do you think the other things like network manager or wicd do it? "Save password" is the same no matter what.... And additionally, there are no "default" permissions for profiles as those are entirely user-generated

Well, /etc/network.d/ could be 0600 too...

Offline

#7 2010-03-22 02:18:52

eldragon
Member
From: Buenos Aires
Registered: 2008-11-18
Posts: 1,028

Re: netcfg: passwords are stored in plain text

didnt it bother you when the ubuntu network manager bothered for the keyring password everytime it tried to access a network? thats how it was 'solved'

i dont see how this could be a security issue because:

a) to access the file remotely, you need to already be connected to the network.
b) if someone you dont trust has local access to the keyboard. then you have bigger problems than leaking your wireless password.

Offline

#8 2010-03-23 03:02:02

skottish
Forum Fellow
From: Here
Registered: 2006-06-16
Posts: 7,942

Re: netcfg: passwords are stored in plain text

And another thread moves...

Offline

Board footer

Powered by FluxBB