Re: [PATCH] hostapd: disable logging of wpa_passphrase

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Dec 17, 2024 at 09:46:48AM +0100, Christian Korber wrote:
> During the initialization of hostapd, the configuration file is logged in
> the syslog and the wpa_passphrase is also logged.

What do you mean with the configuration file being logged? And in
particular, where do you see wpa_passphrase being logged?

> This is not ideal from a security point of view. Therefore this commit allows
> the output if compiled in debug mode.

I don't see how this would really be doing that..

>  .../804-disable-logging-of-passphrase.patch       | 15 +++++++++++++++
>  1 file changed, 15 insertions(+)
>  create mode 100644 package/network/services/hostapd/patches/804-disable-logging-of-passphrase.patch

This is not really a style that would be used for the upstream
hostap.git repository.. Instead of adding patches to file some files,
the changes should modify the files themselves..

> diff --git a/package/network/services/hostapd/patches/804-disable-logging-of-passphrase.patch b/package/network/services/hostapd/patches/804-disable-logging-of-passphrase.patch

> +--- a/src/ap/hostapd.c
> ++++ b/src/ap/hostapd.c
> +@@ -3378,8 +3378,11 @@ hostapd_interface_init_bss(struct hapd_i
> + 		}
> + 	}
> + 
> +-	wpa_printf(MSG_INFO, "Configuration file: %s (phy %s)%s",
> ++	if (CONFIG_MSG_MIN_PRIORITY <= MSG_DEBUG){
> ++		wpa_printf(MSG_INFO, "Configuration file: %s (phy %s)%s",
> + 		   config_fname, phy, iface ? "" : " --> new PHY");
> ++	}

This does not really log the configuration file; it logs only its name.
In other words, no passphrases are logged here..

CONFIG_MSG_MIN_PRIORITY is not defined in hostap.git, so this change
would not even compile.

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux