~mil/sxmo-devel

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch
9 4

[PATCH 1/2] removed the disable_led since flashlight/torch works nicely

Details
Message ID
<20240425160047.13693-1-hallo@magdesign.ch>
DKIM signature
permerror
Download raw message
Patch: +0 -1
---
 scripts/deviceprofiles/sxmo_deviceprofile_oneplus,enchilada.sh | 1 -
 1 file changed, 1 deletion(-)

diff --git a/scripts/deviceprofiles/sxmo_deviceprofile_oneplus,enchilada.sh b/scripts/deviceprofiles/sxmo_deviceprofile_oneplus,enchilada.sh
index f41fd5d..8b9c62b 100755
--- a/scripts/deviceprofiles/sxmo_deviceprofile_oneplus,enchilada.sh
+++ b/scripts/deviceprofiles/sxmo_deviceprofile_oneplus,enchilada.sh
@@ -5,7 +5,6 @@
export SXMO_VOLUME_BUTTON="1:1:Volume_keys"
export SXMO_POWER_BUTTON="0:0:pm8941_pwrkey"
export SXMO_MONITOR="DSI-1"
export SXMO_DISABLE_LEDS="1"
export SXMO_VIBRATE_DEV="/dev/input/by-path/platform-c440000.spmi-platform-c440000.spmi:pmic@3:haptics@c000-event"
export SXMO_VIBRATE_STRENGTH="5000"
export SXMO_SWAY_SCALE="3"
-- 
2.44.0

[PATCH 2/2] show the passwords of wifi connection from menu

Details
Message ID
<20240425160047.13693-2-hallo@magdesign.ch>
In-Reply-To
<20240425160047.13693-1-hallo@magdesign.ch> (view parent)
DKIM signature
permerror
Download raw message
Patch: +4 -0
---
 scripts/core/sxmo_networks.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/scripts/core/sxmo_networks.sh b/scripts/core/sxmo_networks.sh
index c04ef54..d5d1d18 100755
--- a/scripts/core/sxmo_networks.sh
+++ b/scripts/core/sxmo_networks.sh
@@ -249,6 +249,7 @@ $(
$icon_cfg Nmtui
$icon_cfg Ifconfig
$([ -z "$WIFI_ENABLED" ] || printf "%s Scan Wifi Networks\n" "$icon_wif")
$([ -z "$WIFI_ENABLED" ] || printf "%s Show Credentials\n" "$icon_wif")
EOF
		)" || exit

@@ -277,6 +278,9 @@ EOF
			*"Ifconfig" )
				sxmo_terminal.sh watch -n 2 ifconfig || continue # Killeable
				;;
			*"Show Credentials" )
				sxmo_terminal.sh -t 'wifi credentials' -- bash -c "nmcli dev wifi show-password; read -p 'Press enter to close';" || continue # Killable
				;;	
			*"Scan Wifi Networks" )
				sxmo_terminal.sh watch -n 2 nmcli d wifi list || continue # Killeable
				;;
-- 
2.44.0

Re: [PATCH 2/2] show the passwords of wifi connection from menu

Details
Message ID
<D0U1GOFS7WZW.11TPMBXRBBO6Q@willowbarraco.fr>
In-Reply-To
<20240425160047.13693-2-hallo@magdesign.ch> (view parent)
DKIM signature
pass
Download raw message
Thanks! Applied the first patch. I don't think we want this easy way to
snip at the secrets.

To git@git.sr.ht:~mil/sxmo-utils
   ed69f8ae..bccc1ab8  master -> master

Re: [PATCH 2/2] show the passwords of wifi connection from menu

Details
Message ID
<xejg77nvohsvaqhdw5cqr4lcingatnrjkopdggyxyy3daowlhj@j6dhvub232fg>
In-Reply-To
<D0U1GOFS7WZW.11TPMBXRBBO6Q@willowbarraco.fr> (view parent)
DKIM signature
pass
Download raw message
On Fri, Apr 26, 2024 at 02:04:36PM +0200, Willow Barraco wrote:
> Thanks! Applied the first patch. I don't think we want this easy way to
> snip at the secrets.

We discussed on irc, and the OP6 doesn't have a working status led
currently, so this will remove the notification information from the
status bar. I think my patch to check if a flash device exists directly
achieves the same thing without this breakage.

It is handy sometimes to be able to see the password for a wifi network,
perhaps we could double check with the user to make sure they're really
sure?

> To git@git.sr.ht:~mil/sxmo-utils
>    ed69f8ae..bccc1ab8  master -> master

Re: [PATCH 2/2] show the passwords of wifi connection from menu

Details
Message ID
<D0U39H4X8JVH.2VN329LRH42PC@willowbarraco.fr>
In-Reply-To
<xejg77nvohsvaqhdw5cqr4lcingatnrjkopdggyxyy3daowlhj@j6dhvub232fg> (view parent)
DKIM signature
pass
Download raw message
> It is handy sometimes to be able to see the password for a wifi network,
> perhaps we could double check with the user to make sure they're really
> sure?

The problem I see is that it become very easy for someone to grab the
phone, open the wifi menu, and to copy the password from the correct
ssid. I understand that the password is also available to nmcli
command, but it is a little bit more obscure.

Re: [PATCH 2/2] show the passwords of wifi connection from menu

Details
Message ID
<D0ZWX5778NFW.2QVLQ7XSHVCYR@anaproy.nl>
In-Reply-To
<D0U39H4X8JVH.2VN329LRH42PC@willowbarraco.fr> (view parent)
DKIM signature
pass
Download raw message
On Fri Apr 26, 2024 at 3:29 PM CEST, Willow Barraco wrote:
> > It is handy sometimes to be able to see the password for a wifi network,
> > perhaps we could double check with the user to make sure they're really
> > sure?
>
> The problem I see is that it become very easy for someone to grab the
> phone, open the wifi menu, and to copy the password from the correct
> ssid. I understand that the password is also available to nmcli
> command, but it is a little bit more obscure.

I agree with both comments, perhaps the middle ground is to let the user
provide his own password prior to actually showing the credentials? `doas -u
$USER` seems to work for that (sudo tries to be too clever and doesn't
ask the passworD).

Re: [PATCH 2/2] show the passwords of wifi connection from menu

Details
Message ID
<7dwqn7anspfne7zfw3onk4l3224niw5b3eqpvjh2f5hmulxfuh@spthaflzyiks>
In-Reply-To
<D0ZWX5778NFW.2QVLQ7XSHVCYR@anaproy.nl> (view parent)
DKIM signature
pass
Download raw message
On Fri, May 03, 2024 at 11:47:01AM +0200, Maarten van Gompel wrote:
> On Fri Apr 26, 2024 at 3:29 PM CEST, Willow Barraco wrote:
> > > It is handy sometimes to be able to see the password for a wifi network,
> > > perhaps we could double check with the user to make sure they're really
> > > sure?
> >
> > The problem I see is that it become very easy for someone to grab the
> > phone, open the wifi menu, and to copy the password from the correct
> > ssid. I understand that the password is also available to nmcli
> > command, but it is a little bit more obscure.
> 
> I agree with both comments, perhaps the middle ground is to let the user
> provide his own password prior to actually showing the credentials? `doas -u
> $USER` seems to work for that (sudo tries to be too clever and doesn't
> ask the passworD).

That might help, I'm a little worried it could give users a false sense
of security though. I would prefer to just make this data available and
rely on having a screen lock later to protect it.

I think depending on the threat model, contacts and sms history are
similarly, if not more, sensitive and we don't do anything to protect
those in cases like this.

Re: [PATCH 2/2] show the passwords of wifi connection from menu

Details
Message ID
<D10NQAMBWHQZ.125G010RGW704@willowbarraco.fr>
In-Reply-To
<7dwqn7anspfne7zfw3onk4l3224niw5b3eqpvjh2f5hmulxfuh@spthaflzyiks> (view parent)
DKIM signature
pass
Download raw message
> I think depending on the threat model, contacts and sms history are
> similarly, if not more, sensitive and we don't do anything to protect
> those in cases like this.

That is also right

Re: [PATCH 2/2] show the passwords of wifi connection from menu

Details
Message ID
<D10RFH2TOX5G.3C4REYHQEJPY5@anaproy.nl>
In-Reply-To
<D10NQAMBWHQZ.125G010RGW704@willowbarraco.fr> (view parent)
DKIM signature
pass
Download raw message
On Sat May 4, 2024 at 8:47 AM CEST, Willow Barraco wrote:
> > I think depending on the threat model, contacts and sms history are
> > similarly, if not more, sensitive and we don't do anything to protect
> > those in cases like this.
>
> That is also right

True, yes, perhaps we should just accept this patch as is (though change
bash to ash) and focus on getting a lock screen (peanutbutter) in by default for actual security.

Re: [PATCH 2/2] show the passwords of wifi connection from menu

Details
Message ID
<bg5btebdsbe2uolno3o6j3uq4r2uhosrfpszljppro2fum274o@3mh4qidzkmig>
In-Reply-To
<D10RFH2TOX5G.3C4REYHQEJPY5@anaproy.nl> (view parent)
DKIM signature
pass
Download raw message
On Sat, May 04, 2024 at 11:41:30AM +0200, Maarten van Gompel wrote:
> On Sat May 4, 2024 at 8:47 AM CEST, Willow Barraco wrote:
> > > I think depending on the threat model, contacts and sms history are
> > > similarly, if not more, sensitive and we don't do anything to protect
> > > those in cases like this.
> >
> > That is also right
> 
> True, yes, perhaps we should just accept this patch as is (though change
> bash to ash) and focus on getting a lock screen (peanutbutter) in by default for actual security.

Yes that's the way I prefer.

Oh good catch, I didn't notice bash. Also sxmo_terminal.sh doesn't take
a -t flag, whatever terminal magdesign uses probably handled that. And
read -p is non standard. I don't think either of them are necessary (we
use this same pattern elsewhere and don't set a termname or prompt users
to press enter). The correct invocation is probably more like:

sxmo_terminal.sh sh -c "nmcli dev wifi show-password; read"

Or if we really want to keep all the details:

TERMNAME='wifi credentials' sxmo_terminal.sh sh -c "nmcli dev wifi show-password; printf 'Press enter to close '; read"
Reply to thread Export thread (mbox)