GNOME Bugzilla – Bug 346342
wireless-key from /etc/network/interfaces not escaped
Last modified: 2012-11-24 20:29:53 UTC
That bug has been opened on https://launchpad.net/distros/ubuntu/+source/gnome-system-tools/+bug/50386

"Affecting Dapper and if memory serves right, Breezy, too:

While fighting with my wireless card, ndiswrapper and the tool to set up wireless network cards in gnome, I did:

    # iwconfig wlan0 essid <something> key s:<passphrase>

and got no connection because I have a space character in my WEP passphrase. When I escaped s:<passphrase> like so:

    # iwconfig wlan0 essid <something> key "s:<passphrase>"

I got it working. I then used the gnome network configuration tool ("Netzwerkeinstellungen" in German) to permanently write the configuration to the system files. Rebooted, and got no connection, with the same effects I had when I manually configured the WLAN card using iwconfig. I looked into /etc/network/interfaces, found that the passphrase after the statement "wireless-key" was not escaped, escaped it, rebooted, and voila it worked.

I suggest not to generally put the key in quotes in the configuration file, but to correct the program which configures the WLAN-interface using the configuration file.

ATTENTION: There may be security and safety implications with this too, as "abc; rm -rf /" is a possible ASCII WEP security key (assuming something like ifup calls iwconfig via the shell). I'm currently happy to have my WLAN card working so I'm not gonna try it out myself ;)

...

I tried a wireless-key containing a semicolon and a command. The command gets executed. There's probably no security implications in this, since you already have to have elevated rights to be able to edit /etc/network/interfaces. Someone who's able to should mark this as a security problem, so that someone more knowledgeable than me looks into it.

"Proof" follows (note the /x.x file):

    root@ws-desktop:/# ls
    bin dev initrd lib mnt root sys var
    boot etc initrd.img lost+found opt sbin tmp vmlinuz
    cdrom home initrd.img.old media proc srv usr vmlinuz.old
    root@ws-desktop:/# grep wireless-key /etc/network/interfaces
    wireless-key abcd; touch /x.x
    root@ws-desktop:/# ifup wlan0
    Internet Systems Consortium DHCP Client V3.0.3
    Copyright 2004-2005 Internet Systems Consortium.
    All rights reserved.
    For info, please visit http://www.isc.org/products/DHCP
    Listening on LPF/wlan0/xx:xx:xx:xx:xx:xx
    Sending on LPF/wlan0/xx:xx:xx:xx:xx:xx
    Sending on Socket/fallback
    root@ws-desktop:/#
    root@ws-desktop:/# ls
    bin dev initrd lib mnt root sys var x.x
    boot etc initrd.img lost+found opt sbin tmp vmlinuz
    cdrom home initrd.img.old media proc srv usr vmlinuz.old
    root@ws-desktop:/#

...

I can see this problem as well, with the latest Dapper g-s-t."
Still happening on Edgy. Carlos, is that a system-tools-backends issue?
It's clear that the current behavior is wrong and even potentially dangerous (though that's a bug for Debian's ifupdown). It should be trivial to wrap the key in quotes.
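Added example (not part of the bug report, and not code from ifupdown or gnome-system-tools): a shell sketch of the two symptoms reported above, a key with spaces being split and a key with a semicolon being executed, next to an invocation that passes the key as one argument. `iwconfig` is replaced by a stub function, `read_wireless_key`, `set_key_unsafe` and `set_key_safe` are hypothetical names, and the sample stanza is constructed; the injected "command" is a harmless variable assignment.

```shell
#!/bin/sh
# Stub standing in for iwconfig (assumption for this example): it only
# records how many arguments it got and what the last one was.
iwconfig() {
    IW_ARGC=$#
    for IW_LAST in "$@"; do :; done
}

# Hypothetical helper: print the rest of the line after "wireless-key ".
read_wireless_key() {
    while IFS= read -r line; do
        case $line in
            *wireless-key\ *) printf '%s\n' "${line#*wireless-key }"; return 0 ;;
        esac
    done
    return 1
}

# Models a hook that builds the command line as a string and lets the
# shell parse it again, so spaces and ';' inside the key become syntax.
set_key_unsafe() {
    eval "iwconfig wlan0 key $1"
}

# Passes the key as exactly one argument; the shell never re-parses it.
set_key_safe() {
    iwconfig wlan0 key "$1"
}

# Constructed sample stanza, not taken from a real system.
SAMPLE='iface wlan0 inet dhcp
    wireless-essid example
    wireless-key abcd; INJECTED=1'

key=$(printf '%s\n' "$SAMPLE" | read_wireless_key)

INJECTED=0; set_key_unsafe "$key"
echo "unsafe: argc=$IW_ARGC last=[$IW_LAST] injected=$INJECTED"

INJECTED=0; set_key_safe "$key"
echo "safe:   argc=$IW_ARGC last=[$IW_LAST] injected=$INJECTED"
```

Because the safe form never hands the value back to the shell parser, it also copes with keys that themselves contain quote characters, which quoting the value inside the file would not.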
Working on this as part of bug 519273.
According to its developer(s), gnome-system-tools is not under active development anymore. Functionality has been mostly integrated into GNOME Control Center / "[System] Settings". It is unlikely that there will be any further active development. Closing this report as WONTFIX as part of Bugzilla Housekeeping - Please feel free to reopen this bug report in the future if anyone takes the responsibility for active development again.