On 02/19/2017 01:34 PM, Mathias Kresin wrote:
> 19.02.2017 13:10, Alberto Bursi:
>
> I'm still of the opinion that bringing up an unencrypted wireless without
> user interaction is a really bad idea.
>
> The commit fixed the following problem: A user flashes one of the
> mentioned devices and is not aware that the flash is finished or (s)he
> gets distracted in between. During this time period anyone can connect to
> the AP and can do harmful things.

What "harmful things" did you have in mind? That device with default config is disconnected from anything as it lacks ethernet, only thing that can be done is some kind of malware injection in the device itself from someone else in relative vicinity.

Assuming this is a threat at all, would this system stop this? I doubt it. Such things would likely be automated bots, and a few seconds after the user pushes the button to enable the wifi to do his first configuration such bots will have already pwned the device.

Leaving wifi on in router/AP devices is bad and we all agree (people may forget the wifi open for ages, has happened and will happen again), but on these devices where there is no ethernet the user MUST connect and configure the device anyway, and this means he MUST touch wifi configuration anyway and make his own choices on passwords and whatnot. It's very unlikely he will "forget" it open as the device will not work *at all* until he does. And even if he does, the device will only be exposed to the abovementioned (highly unlikely) malware injections from a local attacker, not leave his internet free for all and also access to devices in his LAN.

LEDE does not enforce password complexity (nor having a password at all), nor limit number of login attempts, nor protect by default serial with login that are far more interesting attack vectors affecting far more devices. Then we have restrictions for very specific corner cases like blocking access to uboot/bootloader envs and this wifi-disabled-that-requires-a-button-to-be-enabled.

The main reason I'm so vocal about this is that you are remapping buttons that would be more useful if left free for the user to set up for his own use, without having to patch the sources.

-Alberto