Re: A comment on NetworkManager



On Thu, 11 May 2006, Jon Escombe wrote:

> Robert G. Brown wrote:
>> This is a (smart) user choice, of course, but many users or new account
>> programs might create the tree 755 or whatever.  And besides, as long as
>> it is stored even 700 in cleartext, using a "decryption" step via the
>> keyring is just silly.  Either store it encrypted (only) or don't bother
>> encrypting it.  I'm inclined toward having the choice -- a userspace 700
>> DEFAULT security level on this part of the .gconf tree or at least all
>> files containing keys OR not storing the keys there at all and using
>> strict encryption.
>
> Must admit I'm puzzled by these posts.. I've checked the %gconf.xml files for all the WEP networks I've connected to, and there's no key in any of them. Could you have left-overs from an old version?

rgb lilith|B:1045>dir
DUKE/         hpsetup/   LinkSys_CifTAN/  NETGEAR/  sposton/
Freedomlink/  Latimore/  mpp/             PASSYM/   tunl 32@wireless/
%gconf.xml    linksys/   NCM_Guest/       myessid/
rgb lilith|B:1046>cat myessid/%gconf.xml
<?xml version="1.0"?>
<gconf>
        <entry name="addresses" mtime="1127738223" type="list"
ltype="string">
        <li type="string">
                <stringvalue>0:c:41:7b:42:88</stringvalue>
        </li>
        </entry>
        <entry name="auth_method" mtime="1147352804" type="int"
value="2">
        </entry>
        <entry name="key_type" mtime="1147352804" type="int" value="2">
        </entry>
        <entry name="key" mtime="1127738218" type="string">
                <stringvalue>(IT WAS HERE)</stringvalue>
        </entry>
        <entry name="essid" mtime="1147352804" type="string">
                <stringvalue>myessid</stringvalue>
        </entry>
        <entry name="timestamp" mtime="1147352804" type="int"
value="1147352804">
        </entry>
</gconf>
rgb lilith|B:1047>rpm -qv NetworkManager
NetworkManager-0.5.1-1.FC4.4

(where I've hidden the essid and WEP key for obvious reasons:-)

My network dropped (for no apparent reason) while I was typing this --
again.  And then again.  And yet again.  Sigh.  And every time I have to
paste in my WEP key FROM the %gconf.xml file because NM apparently
doesn't display non-broadcast ESSID connections, or look up their keys
even though they are stored.

Maybe this stuff is fixed in latest version or FC5, dunno.  Probably
time to go get a clean copy of the latest sources and see, or grab the
FC5 rpms and try rebuilding them for 4.

> That said, my private key password (for a WPA2 network) is stored in the .xml file rather than the keyring ;), but doubtless it'll be stored somewhere better in due course..

Yeah, for WPA-2 having them saved clear even 700 is probably uncool.
But for WEP I'd store the keys clear 700 in a heartbeat (where they are
anyway) IF NM would just skip the keyring application that obviously
isn't doing much for security...

   rgb


> Regards,
> Jon.


--
Robert G. Brown	                       http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567  Fax: 919-660-2525     email:rgb phy duke edu
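
An added example, not part of the original thread and not NetworkManager or GConf code: a Python audit that walks a gconf subtree, reports each %gconf.xml holding a non-empty "key" entry, and flags whether the mode bits (755 versus 700, as discussed above) leave it open to group/other. The function names and the sample XML are assumptions constructed for illustration.

```python
import os, stat, tempfile
import xml.etree.ElementTree as ET

# Constructed sample in the layout shown in the post; the key is a placeholder.
SAMPLE = """<gconf>
  <entry name="key" type="string"><stringvalue>PLACEHOLDER-KEY</stringvalue></entry>
  <entry name="essid" type="string"><stringvalue>myessid</stringvalue></entry>
</gconf>"""

def stored_key_length(path):
    """Length of a non-empty 'key' entry, else 0. The key itself is never returned."""
    try:
        root = ET.parse(path).getroot()
    except (ET.ParseError, OSError):
        return 0
    for entry in root.iter("entry"):
        if entry.get("name") == "key":
            return len((entry.findtext("stringvalue") or "").strip())
    return 0

def open_to_others(path, top):
    """Coarse check: group/other read on the file, group/other search on each dir from top."""
    if not stat.S_IMODE(os.stat(path).st_mode) & 0o044:
        return False
    d = top
    for part in ["."] + os.path.relpath(os.path.dirname(path), top).split(os.sep):
        d = os.path.join(d, part)
        if not stat.S_IMODE(os.stat(d).st_mode) & 0o011:
            return False  # a 700 directory anywhere on the path blocks access
    return True

def audit(top):
    """(path, key_length, open_to_others) for each %gconf.xml under top that stores a key."""
    findings = []
    for dirpath, _dirs, files in os.walk(top):
        if "%gconf.xml" in files:
            path = os.path.join(dirpath, "%gconf.xml")
            n = stored_key_length(path)
            if n:
                findings.append((path, n, open_to_others(path, top)))
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as top:  # constructed tree, made 755
        os.makedirs(os.path.join(top, "myessid"))
        with open(os.path.join(top, "myessid", "%gconf.xml"), "w") as f:
            f.write(SAMPLE)
        os.chmod(top, 0o755)
        print(audit(top))
```

The check reads mode bits only; it does not account for ACLs or for which group owns the files.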




