Project

General

Profile

Bug #7165

NetworkManager autoconnects to persistent wireless networks

Added by anonym over 5 years ago. Updated over 1 year ago.

Status:
Confirmed
Priority:
Normal
Assignee:
-
Category:
Persistence
Target version:
-
Start date:
07/20/2014
Due date:
% Done:

0%

Feature Branch:
Type of work:
Code
Blueprint:
Starter:
No
Affected tool:

Description

This was not the case in Squeeze; all persistent wireless networks in range were only listed, not auto connected to. The "Connect automatically" option wasn't saved properly, making it always act as if disabled (well, only after rebooting Tails, not during the session it was added). While this actually is a bug, this behaviour is desirable (except the discrepancy with rebooting). We wanted to consider it a feature but ended up calling it a known issue. Now we may want to revisit this.

Do we want to always disable "Connect automatically" and remove the check box (by patching `nm-applet`) or similar, and if so, is it blocking Tails 1.1? In any case the known issue should be removed.


Subtasks

Feature #7622: Check if NetworkManager allows disabling the autoconnect parameter by defaultConfirmed


Related issues

Related to Tails - Feature #6811: Add Tails Greeter option for disabling networking Resolved 05/11/2014
Related to Tails - Feature #7185: Document the interface for editing network connections Resolved 09/19/2014

History

#1 Updated by intrigeri over 5 years ago

We "wanted to consider it a feature but ended up calling it a known
issue":https://mailman.boum.org/pipermail/tails-dev/2012-October/001762.html.
Now we may want to revisit this.

Especially now that we have MAC spoofing enabled by default, I'm in
favour with keeping the status quo in terms of analysis, that is to
call it a known issue in Squeeze, that is resolved in Wheezy.

So, I would advise to remove the known issue in the devel branch,
and to mark this ticket as "Fix committed".

Nice catch, anyway!

#2 Updated by anonym over 5 years ago

  • Target version deleted (Tails_1.1)

For now we've decided it's not a 1.1 blocker.

#3 Updated by intrigeri over 5 years ago

201405 meeting notes:

  • A proposal was to do nothing, and remove the 3 lines about that from the Known issues.
  • But that makes it harder to work totally offline.
  • MAC spoofing does nothing for the edge case where the persistent wireless network has WPA Enterprise with unique user credentials
  • To work offline people can disconnect before starting any application, so the attack surface is "only" the kernel + whatever runs by default. We can probably live with that.
  • We decided that was not a blocker for 1.1.
  • The question remains open whether this would be a desirable behaviour to have back in Tails.
  • We could have a look at the NetworkManager parameter to not autoconnect and see if it can be made "off" by default.

#4 Updated by intrigeri over 5 years ago

  • Related to Feature #6811: Add Tails Greeter option for disabling networking added

#5 Updated by sajolida almost 5 years ago

Someone mentioned on tails-ux that WPA with unique user credentials is not only an edge. If you consider the eduraom network (https://www.eduroam.org/). Having your Tails automatically connect and send your credentials to such a network can reveal your location pretty badly.

#6 Updated by anonym almost 5 years ago

sajolida wrote:

Someone mentioned on tails-ux that WPA with unique user credentials is not only an edge. If you consider the eduraom network (https://www.eduroam.org/). Having your Tails automatically connect and send your credentials to such a network can reveal your location pretty badly.

This is a very good point, and has made me pretty convinced that we really should do something about this. For the record, I've been personally surprised by eduroam's presence a couple of times, e.g. at IRILL. :)

I vote for Discuss -> Code. I might take the ticket unless someone else feels like it, but I wouldn't want to commit to any actual work until after 1.3 has been released, at least.

#7 Updated by BitingBird almost 5 years ago

  • Type of work changed from Discuss to Code

#8 Updated by sajolida over 4 years ago

  • Related to Feature #7185: Document the interface for editing network connections added

#9 Updated by u almost 2 years ago

  • Subject changed from NetworkManager autoconnects to persistent wireless networks in Wheezy to NetworkManager autoconnects to persistent wireless networks

Is this still something that we consider modifying, even on Stretch?

#10 Updated by u over 1 year ago

Is this something we want to tackle ?

#11 Updated by intrigeri over 1 year ago

Yes, it would be good to fix this some day.

Also available in: Atom PDF