On Wed, Apr 30, 2014 at 03:55:59PM -0500, Dan Williams wrote: > On Wed, 2014-04-30 at 16:12 -0400, Chuck Anderson wrote: > > If I once connected to an open network called "MyFavoriteCoffeeShop" > > then later on someone creates a network with the same name but with > > malicous intent, will NetworkManager connect to it automatically? > > If it uses the same SSID and compatible security settings, then yes. > That's the nature of 802.11. However, if the malicious user doesn't > know the password that you have saved on your machine, or the network's > CA certificate does not validate, then the attempt will fail. Right, so NetworkManager shouldn't treat a WIFI network connection as "trusted" by default unless it is using secure credentials. For open networks, it probably shouldn't connect automatically by default at all. It certainly shouldn't update resolv.conf with the domain from DHCP on such a network, and it shouldn't assign such a network to the "trust" zone of the firewall by default (to bring all these threads together...) I'd argue that even a WEP or WPA-PSK network /by default/ should not do those things. Probably the only networks where it MAY default to the following behavior: - Connect automatically - Use DHCP provided domain name - Assign network to "trust" zone for firewall or network sharing settings are these types of networks: - Wired network - Wi-Fi with WPA-Enterprise where there is mutual authentication going on (supplicant verifies server certificate as trusted) For other Wi-Fi security types (open, WEP, WPA-PSK), you might be able to remember the BSSID, IP subnet, router MAC address, or other detectable things (like UPnP) to guess that you are on the same network as before, and use that to decide if you should apply that same "trust" settings as before. > Furthermore, if the user creates a network of a different type (eg, > Ad-Hoc but yours is infrastructure), NM will not attempt to connect to > it. > > Yes, there are ways to game the system, so you are correct that there > are some cases where NetworkManager could automatically attempt to > connect to a malicious network that mimics a known network, the same as > with most other OSs and phones. It seems like a useful concept to simplify the user experience by lumping the above things together in a concept of "trust", while still allowing a user to go in and override the settings if desired. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
