Thanks! Applied the first patch. I don't think we want this easy way to
snip at the secrets.
To git@git.sr.ht:~mil/sxmo-utils
ed69f8ae..bccc1ab8 master -> master
Re: [PATCH 2/2] show the passwords of wifi connection from menu
On Fri, Apr 26, 2024 at 02:04:36PM +0200, Willow Barraco wrote:
> Thanks! Applied the first patch. I don't think we want this easy way to
> snip at the secrets.
We discussed on irc, and the OP6 doesn't have a working status led
currently, so this will remove the notification information from the
status bar. I think my patch to check if a flash device exists directly
achieves the same thing without this breakage.
It is handy sometimes to be able to see the password for a wifi network,
perhaps we could double check with the user to make sure they're really
sure?
> To git@git.sr.ht:~mil/sxmo-utils
> ed69f8ae..bccc1ab8 master -> master
Re: [PATCH 2/2] show the passwords of wifi connection from menu
> It is handy sometimes to be able to see the password for a wifi network,
> perhaps we could double check with the user to make sure they're really
> sure?
The problem I see is that it becomes very easy for someone to grab the
phone, open the wifi menu, and to copy the password from the correct
ssid. I understand that the password is also available to nmcli
command, but it is a little bit more obscure.
Re: [PATCH 2/2] show the passwords of wifi connection from menu
On Fri Apr 26, 2024 at 3:29 PM CEST, Willow Barraco wrote:
> > It is handy sometimes to be able to see the password for a wifi network,
> > perhaps we could double check with the user to make sure they're really
> > sure?
>
> The problem I see is that it becomes very easy for someone to grab the
> phone, open the wifi menu, and to copy the password from the correct
> ssid. I understand that the password is also available to nmcli
> command, but it is a little bit more obscure.
I agree with both comments, perhaps the middle ground is to let the user
provide his own password prior to actually showing the credentials? `doas -u
$USER` seems to work for that (sudo tries to be too clever and doesn't
ask the password).
Re: [PATCH 2/2] show the passwords of wifi connection from menu
On Fri, May 03, 2024 at 11:47:01AM +0200, Maarten van Gompel wrote:
> On Fri Apr 26, 2024 at 3:29 PM CEST, Willow Barraco wrote:
> > > It is handy sometimes to be able to see the password for a wifi network,
> > > perhaps we could double check with the user to make sure they're really
> > > sure?
> >
> > The problem I see is that it becomes very easy for someone to grab the
> > phone, open the wifi menu, and to copy the password from the correct
> > ssid. I understand that the password is also available to nmcli
> > command, but it is a little bit more obscure.
>
> I agree with both comments, perhaps the middle ground is to let the user
> provide his own password prior to actually showing the credentials? `doas -u
> $USER` seems to work for that (sudo tries to be too clever and doesn't
> ask the password).
That might help, I'm a little worried it could give users a false sense
of security though. I would prefer to just make this data available and
rely on having a screen lock later to protect it.
I think depending on the threat model, contacts and sms history are
similarly, if not more, sensitive and we don't do anything to protect
those in cases like this.
Re: [PATCH 2/2] show the passwords of wifi connection from menu
> I think depending on the threat model, contacts and sms history are
> similarly, if not more, sensitive and we don't do anything to protect
> those in cases like this.
That is also right
Re: [PATCH 2/2] show the passwords of wifi connection from menu
On Sat May 4, 2024 at 8:47 AM CEST, Willow Barraco wrote:
> > I think depending on the threat model, contacts and sms history are
> > similarly, if not more, sensitive and we don't do anything to protect
> > those in cases like this.
>
> That is also right
True, yes, perhaps we should just accept this patch as is (though change
bash to ash) and focus on getting a lock screen (peanutbutter) in by default for actual security.
Re: [PATCH 2/2] show the passwords of wifi connection from menu
On Sat, May 04, 2024 at 11:41:30AM +0200, Maarten van Gompel wrote:
> On Sat May 4, 2024 at 8:47 AM CEST, Willow Barraco wrote:
> > > I think depending on the threat model, contacts and sms history are
> > > similarly, if not more, sensitive and we don't do anything to protect
> > > those in cases like this.
> >
> > That is also right
>
> True, yes, perhaps we should just accept this patch as is (though change
> bash to ash) and focus on getting a lock screen (peanutbutter) in by default for actual security.
Yes that's the way I prefer.
Oh good catch, I didn't notice bash. Also sxmo_terminal.sh doesn't take
a -t flag, whatever terminal magdesign uses probably handled that. And
read -p is non-standard. I don't think either of them are necessary (we
use this same pattern elsewhere and don't set a termname or prompt users
to press enter). The correct invocation is probably more like:
    sxmo_terminal.sh sh -c "nmcli dev wifi show-password; read"

Or if we really want to keep all the details:

    TERMNAME='wifi credentials' sxmo_terminal.sh sh -c "nmcli dev wifi show-password; printf 'Press enter to close '; read"
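
Added example, not part of the thread or of the sxmo-utils patch: the "double check with the user" step suggested earlier, written for POSIX sh/ash with printf plus read in place of the non-standard read -p. The function names and the SHOW_CMD override are hypothetical; the prompt only confirms intent and does not authenticate whoever is holding the phone.

```shell
#!/bin/sh
# Added example, not code from the sxmo-utils patch.
# SHOW_CMD is a hypothetical override so the function can be exercised
# without NetworkManager; by default it runs the command from the thread.

# confirm PROMPT: portable stand-in for bash's `read -p PROMPT`.
# The prompt goes to stderr so stdout carries only the command's output.
confirm() {
    printf '%s [y/N] ' "$1" >&2
    # EOF or a read error counts as "no".
    IFS= read -r reply || return 1
    case "$reply" in
        [Yy] | [Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# show_wifi_secret: reveal the credentials only after an explicit "yes".
show_wifi_secret() {
    if ! confirm 'Show the Wi-Fi password on screen?'; then
        echo 'cancelled'
        return 1
    fi
    # Deliberately unquoted so the command string splits into words.
    ${SHOW_CMD:-nmcli dev wifi show-password}
}
```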