On Tue, Dec 17, 2024 at 09:46:48AM +0100, Christian Korber wrote:
> During the initialization of hostapd, the configuration file is logged in
> the syslog and the wpa_passphrase is also logged.

What do you mean with the configuration file being logged? And in
particular, where do you see wpa_passphrase being logged?

> This is not ideal from a security point of view. Therefore this commit allows
> the output if compiled in debug mode.

I don't see how this would really be doing that..

> .../804-disable-logging-of-passphrase.patch | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
> create mode 100644 package/network/services/hostapd/patches/804-disable-logging-of-passphrase.patch

This is not really a style that would be used for the upstream
hostap.git repository.. Instead of adding patches to file some files,
the changes should modify the files themselves..

> diff --git a/package/network/services/hostapd/patches/804-disable-logging-of-passphrase.patch b/package/network/services/hostapd/patches/804-disable-logging-of-passphrase.patch
> +--- a/src/ap/hostapd.c
> ++++ b/src/ap/hostapd.c
> +@@ -3378,8 +3378,11 @@ hostapd_interface_init_bss(struct hapd_i
> + }
> + }
> +
> +- wpa_printf(MSG_INFO, "Configuration file: %s (phy %s)%s",
> ++ if (CONFIG_MSG_MIN_PRIORITY <= MSG_DEBUG){
> ++ wpa_printf(MSG_INFO, "Configuration file: %s (phy %s)%s",
> + config_fname, phy, iface ? "" : " --> new PHY");
> ++ }

This does not really log the configuration file; it logs only its name.
In other words, no passphrases are logged here.. CONFIG_MSG_MIN_PRIORITY
is not defined in hostap.git, so this change would not even compile.

-- 
Jouni Malinen PGP id EFC895FA
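
Review bot: the wpa_printf() being wrapped in hostapd_interface_init_bss() formats only config_fname, phy and the "--> new PHY" marker, so the added `if (CONFIG_MSG_MIN_PRIORITY <= MSG_DEBUG)` guard cannot keep a passphrase out of syslog; it only hides the configuration file name. The guard also tests against MSG_DEBUG while the message itself is still emitted at MSG_INFO, and the reply above notes that CONFIG_MSG_MIN_PRIORITY is not defined in hostap.git. If the aim is only to quiet this line, changing its level to MSG_DEBUG would be simpler than a compile-time condition; a passphrase fix belongs at whichever call actually prints the key material, and the commit message should name that call. Style: add a space before `{`, and re-indent the unchanged continuation line `config_fname, phy, iface ? ...` so it lines up under the moved call.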