Ubuntu Linux WiFi Security: Canonical Combats Criticism
It’s not even January 2014 yet, and already Canonical faces another media flare-up about its Ubuntu Linux operating system. But this time, the negative stories about the open source vendor — which critics accuse of storing WiFi passwords in an insecure way via NetworkManager — are not fair.
A few days ago, someone figured out that NetworkManager, the networking interface installed by default in Ubuntu and virtually every other major desktop Linux distribution, saves passwords for wireless networks in an unencrypted part of the file system. Now, the press is calling this “another potentially negative story about Ubuntu and Canonical,” and asking whether Ubuntu “goofed.”
To be sure, Canonical has made its share of poor PR decisions in recent years. From integrating Amazon.com search features into Ubuntu, to pushing drastically new interfaces into Ubuntu before they are ready for users (and users are ready for them), Canonical has sometimes displayed a tendency toward rash behavior — although it generally does a decent job of fixing its missteps sooner or later.
Don’t Blame Ubuntu
In this case, though, the password issue in NetworkManager is no fault of Canonical’s. The company doesn’t write that software; on the contrary, it’s part of GNOME, a project from which Ubuntu has grown increasingly distant in recent years. And there is no real alternative to NetworkManager, which is by far the most advanced and user-friendly networking interface available for Linux.
More importantly, the security concern with NetworkManager is not unique to Ubuntu. It affects all Linux distributions, as the media started noting after fingers were already pointing squarely at Canonical.
By the way, the fact that NetworkManager has been in widespread use on so many Linux platforms for over half a decade, yet the password issue came to light only now, makes one wonder how serious the vulnerability really is. Aren’t there much more important passwords to protect than those for wireless networks that users probably already know, since they’ve connected to those networks in the past? Sure, on multi-user systems, this information could be exploited in nasty ways, especially in enterprise settings where a particular user’s WPA password might also be used for other resources. But it’s hard to envision this being a huge problem for most users.
So on this occasion, Canonical deserves a break. There are plenty of valid criticisms of decisions made by the developers of Ubuntu — as of any operating system — but this is not one.
I think you missed the most important point: there is no reasonable way to encrypt the password. It will either be in plaintext or force users to unlock it with common password for computer which is STUPID.
The originator probably knew that the flaw was not Ubuntu specific. It clearly helps someone to point a finger at Canonical…already a target for vilification for some Linux fans because of its many adventurous diversions (Unity, Mir etc), as well as the non-Linux users for whom Ubuntu IS Linux.
Oh dear – you seem to be trying to avoid the pitfalls the other press outlets fell into, but have found some of your own…
Calling NM a part of GNOME could be slightly misleading: indeed its page is in gnome.org and it uses GNOME to host tarballs and bug reports, but it’s not really a GNOME-centric project, and its git repos are on freedesktop.org. I don’t know the history of why it has this split personality, but there ya go.
There is a difference between distros here, even though a lot of distros use NM: distros can configure it differently. For instance, Fedora does not set things up so that wireless connections configured at the desktop by a user are systemwide connections by default, as Ubuntu does. You have to go and explicitly mark them as such.
Still, I agree that this issue has been vastly overblown. In a lot of cases the media seems to be missing the rather important point that the file in question is owned by root and has 0600 permissions by default – i.e., only root can read it. Of course you can read it if you can boot the system and mount the relevant partition, but then there’s all _sorts_ of things you can read that way; distros do not generally ship in a configuration that is considered ‘safe’ against untrusted people with physical access to the computer, as it’s extremely difficult to do such a thing. If you require this level of security you should at a minimum be using full-disk encryption.
No break is deserved, because none is needed. Wifi passwords are not security, just a very mild access deterrent. Surely you know that you need to use https or ssh, right?
I think that is indeed Canonical’s fault since I have tried Fedora 20 with latest Gnome 3.10 and it stores Wifi passwords in Gnome keyring. Similarly in Arch + KDE kwallet is used to store passwords and moreover since 4.12 you can use GPG as back end for encrypting the passwords.
So it seems that in Ubuntu they changed the default settings to keep passwords in plain text, instead of using any of the above mechanisms, probably because of user friendliness (really?!) or because they didn’t bother to integrate them with their offerings (like auto-unlocking gnome-keyring at login). But you can’t blame NetworkManager for providing that option, though maybe they should consider removing it, since it gets abused by distributions like Ubuntu.
And of course the file is only readable by root.
If an unauthorised person can log on as root then you have a far bigger concern than your wifi key being compromised.
The files in which passwords are stored can only be read by root !!!
To get the key in plaintext format, all you have to do is “steal” the computer for a moment, boot up with a live disk, and read the key. It will be even better if the computer was shutdown when you “stole” it. Nobody will guess that you “stole” it to steal the key.
I am not an expert on this. However, for the more recent versions of Ubuntu, I think if you uncheck “Available for all users” — i.e., create connection only for the login account — for the network connection in NetworkManager, the key is stored in keyring encrypted. At least, for Ubuntu 12.04LTS, the connection settings in directory /etc/NetworkManager/system-connections does not have the key in plain text format.
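As an added example (not from the article or from any of the commenters), the shell script below audits a directory of NetworkManager keyfiles for the three things the comments above turn on: whether a connection keeps its `psk=` value in the file itself, whether the connection is system-wide or restricted with `permissions=` to one user (the keyfile form of the “Available for all users” checkbox), and whether the file still has the root-owned 0600 mode. A `psk-flags=1` line is NetworkManager’s keyfile marker for an agent-owned secret, i.e. one held by the user’s keyring rather than written to the file. The sample keyfiles, their names and their passphrases are constructed here in a temporary directory; on a real host you would run `audit_nm_dir /etc/NetworkManager/system-connections` as root instead.

```shell
#!/bin/sh
# Added example: audit NetworkManager keyfiles for plaintext WiFi PSKs and
# loose file permissions. Not part of the article or of NetworkManager itself.

# audit_nm_dir DIR
# Prints one finding per line for every keyfile in DIR.
audit_nm_dir() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if grep -q '^psk=' "$f"; then
            # permissions=user:NAME:; restricts the connection to one user;
            # without it the connection is system-wide (Ubuntu's default).
            if grep -q '^permissions=user:' "$f"; then
                scope=per-user
            else
                scope=system-wide
            fi
            echo "PLAINTEXT_PSK $f scope=$scope"
        elif grep -q '^psk-flags=1' "$f"; then
            echo "AGENT_OWNED $f (secret kept in the user's keyring, not in the file)"
        fi
        # Expect exactly mode 0600 and root ownership (find -perm 600 is an exact match).
        [ -n "$(find "$f" -perm 600)" ] || echo "LOOSE_MODE $f"
        [ -n "$(find "$f" -user root)" ] || echo "NOT_ROOT_OWNED $f"
    done
}

# count_plaintext_psk DIR
# Prints the number of keyfiles in DIR that carry a psk= value.
count_plaintext_psk() {
    audit_nm_dir "$1" | grep -c '^PLAINTEXT_PSK' || true
}

# make_sample_dir
# Builds a temporary directory of constructed keyfiles and prints its path.
make_sample_dir() {
    sampledir=$(mktemp -d)
    # Constructed sample 1: system-wide connection with the PSK in the file.
    cat > "$sampledir/office.nmconnection" <<'EOF'
[connection]
id=office
type=wifi

[wifi]
ssid=office

[wifi-security]
key-mgmt=wpa-psk
psk=constructed-example-passphrase
EOF
    chmod 600 "$sampledir/office.nmconnection"
    # Constructed sample 2: per-user connection; psk-flags=1, so no psk= line.
    cat > "$sampledir/home-alice.nmconnection" <<'EOF'
[connection]
id=home
type=wifi
permissions=user:alice:;

[wifi]
ssid=home

[wifi-security]
key-mgmt=wpa-psk
psk-flags=1
EOF
    chmod 600 "$sampledir/home-alice.nmconnection"
    # Constructed sample 3: plaintext PSK in a world-readable file (misconfiguration).
    cat > "$sampledir/cafe.nmconnection" <<'EOF'
[connection]
id=cafe
type=wifi

[wifi]
ssid=cafe

[wifi-security]
key-mgmt=wpa-psk
psk=another-constructed-value
EOF
    chmod 644 "$sampledir/cafe.nmconnection"
    echo "$sampledir"
}

# Stand-alone demo on the constructed samples.
sample=$(make_sample_dir)
audit_nm_dir "$sample"
echo "keyfiles with a plaintext psk= line: $(count_plaintext_psk "$sample")"
rm -rf "$sample"
```

On the constructed samples the audit reports two plaintext PSKs (one system-wide file with the expected 0600 mode, one world-readable file flagged LOOSE_MODE) and one agent-owned connection whose secret lives in the keyring; when run by an unprivileged user it will also flag NOT_ROOT_OWNED, since the samples are not root-owned.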
Of course, if you encrypt access to grub, and lock access to BIOS, all of the speculation is pointless drivel. Nice, but pointless. If, on the other hand, your whole OS is 777, well, you must be a novice running an insecure system.
Christopher Tozzi, whether you like it or not, Canonical is guilty here.
You say they are using a part they don’t provide upstream support to. So why are they using it?
Canonical pulled their developers mostly out of Gnome.
Sorry using it and not auditing it is an offense.
When I walk away from my desktop I lock it; you are NOT getting anywhere without my password. My laptop I just close the lid; open it, you need a password. So what are the naysayers worried about?
More to the point, only a person with root access to a machine can see the password. If a hostile has root access on your machine, their ability to read your wifi password is the LEAST of your concerns!
It’s simply a non-issue.
This is a non-issue. As stated in most of the comments below the original article, only someone who knows the root password could gain access to this file.
If you have a user inside your system that shouldn’t have root access but has it anyway, you have a very big -but totally unrelated- problem.
Unless I’m mistaken, those files can’t be read without the root or sudo password anyway.
If someone other than the proper user has those and can read the passwords then surely they already have root access to your system anyway?
Totally bullshit.
So they don’t know they are using Gnome, they don’t know they are using NetworkManager, they don’t know they are forcing their user to use something with vulnerabilities inside.
I love Ubuntu! …and I don’t care!
Linux is open source, isn’t it?
Just modify the code! Why not?