From robert@fledge.watson.org  Thu Aug 31 09:06:20 2000
Return-Path: <robert@fledge.watson.org>
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id 9679C37B423
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 31 Aug 2000 09:06:19 -0700 (PDT)
Received: (from robert@localhost)
	by fledge.watson.org (8.9.3/8.9.3) id MAA25648;
	Thu, 31 Aug 2000 12:06:18 -0400 (EDT)
	(envelope-from robert)
Message-Id: <200008311606.MAA25648@fledge.watson.org>
Date: Thu, 31 Aug 2000 12:06:18 -0400 (EDT)
From: rwatson@freebsd.org
Sender: robert@fledge.watson.org
Reply-To: rwatson@freebsd.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: wicontrol (and supporting ioctls/sysctls, presumably) reveal crypto key
X-Send-Pr-Version: 3.2

>Number:         20963
>Category:       kern
>Synopsis:       wicontrol (and supporting calls) reveal hardware crypto key to any user
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    wpaul
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Aug 31 09:10:01 PDT 2000
>Closed-Date:    Thu Sep 7 10:11:02 PDT 2000
>Last-Modified:  Thu Sep 07 10:11:53 PDT 2000
>Originator:     Robert Watson
>Release:        FreeBSD 4.1-STABLE i386
>Organization:
NAI Labs at Network Associates
>Environment:

4.1-STABLE, using Wavelan wi driver, with hardware encryption enabled.

>Description:

wicontrol will show the hardware crypto key to any user.  Probably, 
release of the crypto key should occur only to a process with appropriate
privilege.  This cannot just be done in wicontrol, but must be done at
the ioctl used to retrieve the key, in kernel.  Access to the system
should not imply complete access to the network infrastructure.

>How-To-Repeat:

wicontrol -i wi0

>Fix:

Not attached.


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->wpaul 
Responsible-Changed-By: sheldonh 
Responsible-Changed-When: Thu Aug 31 09:52:36 PDT 2000 
Responsible-Changed-Why:  
Over to maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=20963 
State-Changed-From-To: open->closed 
State-Changed-By: wpaul 
State-Changed-When: Thu Sep 7 10:11:02 PDT 2000 
State-Changed-Why:  
Added suser() check to wi_ioctl() to prevent it from returning encryption 
keys to the caller unless they're root. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=20963 
>Unformatted:
