You are not logged in.
Hello, am i the only one whom seems a security issue that netcfg stores passwords for wireless networks in plain text in /etc/network.d ? By default permissions are such that any user can read them, shouldn't this be a problem?
I'm the only user on my computer; I was just wondering if this is a good practice.
Offline
This is noted on the wiki: Netcfg#Configuration
chmod 0600 /etc/network.d/mynetwork
M*cr*s*ft: Who needs quality when you have marketing?
Offline
You could change permission if it bothers you. wpa_passphrase is also an option. I don't know how safe it is though. . .
Whether it is good practice: I simply don't know . . .
--Rasmus
Arch x64 on Thinkpad X200s/W530
Offline
thanks for the chmod from the wiki, I'll do that. Still I wonder if they shouldn't be crypted someway, but I guess it's not possible since the system needs to know them somehow when it connects (so even if they were crypted there should be a way to decrypt them, which doesn't really solve the problem).
Offline
How do you think the other things like network manager or wicd do it? "Save password" is the same no matter what.... And additionally, there are no "default" permissions for profiles as those are entirely user-generated
[git] | [AURpkgs] | [arch-games]
Offline
How do you think the other things like network manager or wicd do it? "Save password" is the same no matter what.... And additionally, there are no "default" permissions for profiles as those are entirely user-generated
Well, /etc/network.d/ could be 0600 too...
Offline
didnt it bother you when the ubuntu network manager bothered for the keyring password everytime it tried to access a network? thats how it was 'solved'
i dont see how this could be a security issue because:
a) to access the file remotely, you need to already be connected to the network.
b) if someone you dont trust has local access to the keyboard. then you have bigger problems than leaking your wireless password.
Offline
And another thread moves...
Offline