Bug 20963

Summary: wicontrol (and supporting calls) reveal hardware crypto key to any user
Product: Base System Reporter: Robert Watson <rwatson>
Component: kernAssignee: Bill Paul <wpaul>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.1-STABLE   
Hardware: Any   
OS: Any   

Description Robert Watson freebsd_committer freebsd_triage 2000-08-31 17:10:01 UTC 
wicontrol will show the hardware crypto key to any user.  Probably, 
release of the crypto key should occur only to a process with appropriate
privilege.  This cannot just be done in wicontrol, but must be done at
the ioctl used to retrieve the key, in kernel.  Access to the system
should not imply complete access to the network infrastructure.

Fix: 

Not attached.
How-To-Repeat: 
wicontrol -i wi0
Comment 1 Sheldon Hearn freebsd_committer freebsd_triage 2000-08-31 17:52:36 UTC 
Responsible Changed
From-To: freebsd-bugs->wpaul

Over to maintainer.
Comment 2 Bill Paul freebsd_committer freebsd_triage 2000-09-07 18:11:02 UTC 
State Changed
From-To: open->closed

Added suser() check to wi_ioctl() to prevent it from returning encryption 
keys to the caller unless they're root.