[PATCH] hostapd: disable logging of wpa_passphrase
Jouni Malinen
j at w1.fi
Sun Dec 22 10:06:31 PST 2024
On Tue, Dec 17, 2024 at 09:46:48AM +0100, Christian Korber wrote:
> During the initialization of hostapd, the configuration file is logged in
> the syslog and the wpa_passphrase is also logged.
What do you mean with the configuration file being logged? And in
particular, where do you see wpa_passphrase being logged?
> This is not ideal from a security point of view. Therefore this commit allows
> the output if compiled in debug mode.
I don't see how this would really be doing that..
> .../804-disable-logging-of-passphrase.patch | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
> create mode 100644 package/network/services/hostapd/patches/804-disable-logging-of-passphrase.patch
This is not really a style that would be used for the upstream
hostap.git repository.. Instead of adding patches to file some files,
the changes should modify the files themselves..
> diff --git a/package/network/services/hostapd/patches/804-disable-logging-of-passphrase.patch b/package/network/services/hostapd/patches/804-disable-logging-of-passphrase.patch
> +--- a/src/ap/hostapd.c
> ++++ b/src/ap/hostapd.c
> +@@ -3378,8 +3378,11 @@ hostapd_interface_init_bss(struct hapd_i
> + }
> + }
> +
> +- wpa_printf(MSG_INFO, "Configuration file: %s (phy %s)%s",
> ++ if (CONFIG_MSG_MIN_PRIORITY <= MSG_DEBUG){
> ++ wpa_printf(MSG_INFO, "Configuration file: %s (phy %s)%s",
> + config_fname, phy, iface ? "" : " --> new PHY");
> ++ }
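Review bot: The added "if (CONFIG_MSG_MIN_PRIORITY <= MSG_DEBUG)" guard wraps a wpa_printf() call whose only arguments are config_fname, phy and a fixed " --> new PHY" suffix. It therefore hides the configuration file name and PHY from the log, not any passphrase value. If the goal is to keep wpa_passphrase out of syslog, leave this startup message as it is and put the guard or a redaction on the call that actually prints the key material. CONFIG_MSG_MIN_PRIORITY is also not defined anywhere in the visible hunk, so the patch needs to add its definition or the include that provides it. As a style point, put a space before the opening brace in "MSG_DEBUG){".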
This does not really log the configuration file; it logs only its name.
In other words, no passphrases are logged here..
CONFIG_MSG_MIN_PRIORITY is not defined in hostap.git, so this change
would not even compile.
--
Jouni Malinen PGP id EFC895FA