There have been several instances of people mailing out WPA keys as
part of ifconfig output, e.g. in bug reports. This happens when you
run ifconfig as root and copy/paste without thinking.

I see no real need to ever show the key except in circumstances where
the key needs to be legitimately passed on to someone else ("do you
happen to know the wifi key?" in a bar). Though for devices which
want the plaintext passphrase instead of the hashed key our ifconfig
output is already useless for this purpose anyway.

This diff makes the WPA key available only if the interface is in
debug mode (suggestion by phessler). If this is acceptable then I
can also try to squeeze a hint into the ifconfig man page so that
this mechanism can be discovered by those who don't read kernel code.

OK?

Index: ieee80211_ioctl.c
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_ioctl.c,v
retrieving revision 1.55
diff -u -p -r1.55 ieee80211_ioctl.c
--- ieee80211_ioctl.c   27 Oct 2017 12:22:40 -0000      1.55
+++ ieee80211_ioctl.c   17 Nov 2017 10:13:06 -0000
@@ -491,8 +491,8 @@ ieee80211_ioctl(struct ifnet *ifp, u_lon
                psk = (struct ieee80211_wpapsk *)data;
                if (ic->ic_flags & IEEE80211_F_PSK) {
                        psk->i_enabled = 1;
-                       /* do not show any keys to non-root user */
-                       if (suser(curproc, 0) != 0) {
+                       if (suser(curproc, 0) != 0 ||
+                           (ifp->if_flags & IFF_DEBUG) == 0) {
                                psk->i_enabled = 2;
                                memset(psk->i_psk, 0, sizeof(psk->i_psk));
                                break;  /* return ok but w/o key */
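
Review bot: the comment above the suser() check is removed without a replacement, and the new two-part condition is less self-explanatory than the old one. A short comment before the `if` saying that the key is returned only to root, and only when IFF_DEBUG is set on the interface, would document the intent. Root now also takes the `psk->i_enabled = 2` path whenever debug is off, so it is worth confirming that whatever reads i_enabled treats that value sensibly for a privileged caller.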
