Re: umb(4) WIP diff and questions

2020-01-22 Thread Lee B
On Thu Jan 23, 2020 at 3:05 AM, Claudio Jeker wrote: > On Thu, Jan 23, 2020 at 10:48:06AM +0900, Lee B wrote: > > > > OK, the umb_softc part was straightforward enough, thanks. I'd like > > some advice on how to handle the ifconfig(8) changes to accommodate > > this though. I see the wifi code app

Re: umb(4) WIP diff and questions

2020-01-22 Thread Claudio Jeker
On Thu, Jan 23, 2020 at 10:48:06AM +0900, Lee B wrote: > On Tue Jan 14, 2020 at 5:59 PM, Claudio Jeker wrote: > > > > Since the credentials should not be passed back to userland I would not > > add them to struct umb_parameter but instead to struct umb_softc. > > Then you don't need to use struct

Re: umb(4) WIP diff and questions

2020-01-22 Thread Lee B
On Tue Jan 14, 2020 at 5:59 PM, Claudio Jeker wrote: > > Since the credentials should not be passed back to userland I would not > add them to struct umb_parameter but instead to struct umb_softc. > Then you don't need to use struct umb_parameter for the ioctl and > instead > could just pass the (

Re: umb(4) WIP diff and questions

2020-01-22 Thread Ricardo Mestre
Hi, Disclaimer: I don't have such hardware to test with or without the diff below, but I think if we add this change in any shape or form then we should add this as well otherwise we could bump into the vuln [0] that Ilja found on NetBSD which could leak the credentials. [0] https://ftp.netbsd.o

Re: umb(4) WIP diff and questions

2020-01-14 Thread Lee B
On Tue Jan 14, 2020 at 12:40 PM, Theo de Raadt wrote: > > > > Channeling a conversation from 15 years ago: "How about wpakeyfile" > > > > > Another consideration is... many of these passwords are locked to narrow > usage cases, so does it really matter all that much? > > Right, seems like I sh

Re: umb(4) WIP diff and questions

2020-01-14 Thread Lee B
Hi Stefan, On Tue Jan 14, 2020 at 2:40 PM, Stefan Sperling wrote: > <... lots of useful stuff ...> > That was exactly the sort of thing I was looking for. Thanks! It was seeing your device drivers presentation on YouTube a week or so ago that originally inspired me to get stuck in, so thanks fo

Re: umb(4) WIP diff and questions

2020-01-14 Thread Abel Abraham Camarillo Ojeda
On Tue, Jan 14, 2020 at 5:11 PM Stefan Sperling wrote: > On Tue, Jan 14, 2020 at 12:34:29PM -0700, Theo de Raadt wrote: > > Channeling a conversation from 15 years ago: "How about wpakeyfile" > > ifconfig wpakeyfile would be trivial to add if we really want it. > But how will hostname.if will wo

Re: umb(4) WIP diff and questions

2020-01-14 Thread Stefan Sperling
On Tue, Jan 14, 2020 at 12:34:29PM -0700, Theo de Raadt wrote: > Channeling a conversation from 15 years ago: "How about wpakeyfile" ifconfig wpakeyfile would be trivial to add if we really want it. The downside is loss of unveil, here handled the same way as for the bridge rulesfile. Looks like

Re: umb(4) WIP diff and questions

2020-01-14 Thread Theo de Raadt
Theo de Raadt wrote: > Stuart Henderson wrote: > > > On 2020/01/14 10:27, Theo de Raadt wrote: > > > Unfortunate part of this diff is that the password is (very > > > momentarily) visible with ps(1) in the root-run ifconfig argv[] array. > > > It's a tight race, but still it is visible. > > >

Re: umb(4) WIP diff and questions

2020-01-14 Thread Theo de Raadt
Stuart Henderson wrote: > On 2020/01/14 10:27, Theo de Raadt wrote: > > Unfortunate part of this diff is that the password is (very > > momentarily) visible with ps(1) in the root-run ifconfig argv[] array. > > It's a tight race, but still it is visible. > > > > People do run "sh /etc/netstart u

Re: umb(4) WIP diff and questions

2020-01-14 Thread Stuart Henderson
On 2020/01/14 10:27, Theo de Raadt wrote: > Unfortunate part of this diff is that the password is (very > momentarily) visible with ps(1) in the root-run ifconfig argv[] array. > It's a tight race, but still it is visible. > > People do run "sh /etc/netstart umb0" to activate the interface > durin

Re: umb(4) WIP diff and questions

2020-01-14 Thread Theo de Raadt
Unfortunate part of this diff is that the password is (very momentarily) visible with ps(1) in the root-run ifconfig argv[] array. It's a tight race, but still it is visible. People do run "sh /etc/netstart umb0" to activate the interface during multiuser. If the password is truly sensitive, it s

Re: umb(4) WIP diff and questions

2020-01-14 Thread Claudio Jeker
On Tue, Jan 14, 2020 at 02:40:45PM +0100, Stefan Sperling wrote: > On Tue, Jan 14, 2020 at 09:51:05PM +0900, leeb wrote: > > Hello again tech@ > > > > I've included diffs of what I've got so far at the bottom > > of this mail, but first a couple of questions: > > > > - Using the full 510-charact

Re: umb(4) WIP diff and questions

2020-01-14 Thread Stefan Sperling
On Tue, Jan 14, 2020 at 09:51:05PM +0900, leeb wrote: > Hello again tech@ > > I've included diffs of what I've got so far at the bottom > of this mail, but first a couple of questions: > > - Using the full 510-character limits for username and > passphrase specified in the MBIM spec, kernel comp

umb(4) WIP diff and questions

2020-01-14 Thread leeb
Hello again tech@ I've included diffs of what I've got so far at the bottom of this mail, but first a couple of questions: - Using the full 510-character limits for username and passphrase specified in the MBIM spec, kernel compilation fails due to tripping the 2047-byte stack frame warning whe