Bug#555680: System information in bug reports may be security-sensitive
Hi
r14441 [1], "hide wireless keys and wake-on-LAN password when including
network configuration in bug reports (bug #555680)".
It is unfortunately not enough to prune "wireless-key" from bugreports, as
wpasupplicant defines additional means to configure passwords for wireless
links[2], namely wpa-psk and wpa-password. Additionally I suggest to prune
commented out lines as well, as these might contain passwords or other
sensitive information and have no relevance for bugreporting.
The attached, valid, /etc/network/interfaces example illustrates the
problem with these means of configuration. The following patch applies to
sid and trunk of linux-2.6 (r14649).
[1] http://svn.debian.org/viewsvn/kernel/dists/sid/linux-2.6/debian/templates/image.plain.bug/include-network?r1=14441&r2=14597
[2] http://svn.debian.org/viewsvn/pkg-wpa/wpasupplicant/trunk/debian/README.Debian?view=markup
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Index: debian/templates/image.plain.bug/include-network
===================================================================
--- debian/templates/image.plain.bug/include-network (revision 14649)
+++ debian/templates/image.plain.bug/include-network (working copy)
@@ -5,7 +5,10 @@
echo '** Network interface configuration:' >&3
# Hide passwords/keys
awk '$1 ~ /^wireless-key/ { gsub(".", "*", $2); }
+ $1 ~ /^wpa-psk/ { gsub(".", "*", $2); }
+ $1 ~ /^wpa-password/ { gsub(".", "*", $2); }
$1 == "ethtool-wol" { gsub(".", "*", $3); }
+ !/^\#/
{ print; }
' </etc/network/interfaces >&3
echo >&3
# Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or
# /usr/share/doc/ifupdown/examples for more information.
auto lo
iface lo inet loopback
allow-hotplug eth0
iface eth0 inet dhcp
allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface linksys_aes inet dhcp
iface default inet dhcp
auto wlan1
iface wlan1 inet dhcp
wpa-ssid something
wpa-psk 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
# wpa-psk 2123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
auto wlan2
iface wlan2 inet dhcp
wpa-ssid somethingelse
wpa-password myplaintextpassword
# wpa-password yourplaintextpassword
auto wlan3
iface wlan3 inet dhcp
wireless-essid somethingveryelse
wireless-key mypassword
# wireless-key yourpassword
Reply to: