Bug #11544
GNOME ask for a password to enable PIN protected broadband connection
Description
After being prompted for the PIN code of the SIM card, the user is asked for the “debian live administrator password” (not the same prompt as the one you get when starting a root terminal). If the user does not enter the administrator password set in the greeter, the mobile broadband connection is not enabled.
Note that when using a SIM card with no PIN code protection, the user is not asked for that administrator password.
In other words:
Given I have started Tails
And I have not set an administration password
When I set up a mobile broadband connection not protected by a PIN
Then I am not asked for any password whatsoever
And I am connected to the Internet
… is deemed correct, while:
Given I have started Tails
And I have not set an administration password
When I try to set up a mobile broadband connection that is protected by a PIN
Then I am asked for a password
And I cannot connect to the Internet
… is a problem.
History
#1 Updated by intrigeri 2016-07-16 06:12:37
- Assignee changed from intrigeri to goupille
- QA Check set to Info Needed
> After being prompted for the PIN code of the SIM card, the user is asked for the “debian live administrator password” (not the same prompt as the one you get when starting a root terminal).
What’s written in the window that asks the password, exactly? (I need a screenshot or the complete text.)
#2 Updated by goupille 2016-07-24 04:11:35
- File screenshot-mobile-broadband.png added
- Assignee changed from goupille to intrigeri
Here is a screenshot. Note that even though my locale is fr, the text is in English.
#3 Updated by intrigeri 2016-07-25 02:08:37
- Subject changed from Gnome ask for an administrator password to enable PIN protected broadband connection to GNOME ask for a password to enable PIN protected broadband connection
goupille wrote:
> Here is a screenshot. Note that even though my locale is fr, the text is in English.
… except the window title, that’s in French (see the bottom bar). Whatever, I’ve found it. At least on sid it’s the org.freedesktop.ModemManager1.Device.Control PolicyKit action, and the requested password is the user’s one (<allow_active>auth_self_keep</allow_active>). I don’t know what we should do about this one. On the one hand, if ModemManager requires authentication for this action, there must be some risk coming with it (it would be good to check which one exactly). OTOH, given that by default the amnesia user has no password, in practice the current situation implies that one needs to set an administrator password to be able to use such a broadband connection, which sucks I guess.
#4 Updated by intrigeri 2016-07-25 02:21:33
- Assignee changed from intrigeri to goupille
Hi again!
Is my understanding correct that what happens currently is:
Given I have started Tails
And I have not set an administration password
When I set up a mobile broadband connection not protected by a PIN
Then I am not asked for any password whatsoever
And I am connected to the Internet
vs.
Given I have started Tails
And I have not set an administration password
When I try to set up a mobile broadband connection that is protected by a PIN
Then I am asked for a password
And I cannot connect to the Internet
?
#5 Updated by goupille 2016-07-26 06:05:12
- Assignee changed from goupille to intrigeri
Your understanding is correct.
Note that a lot of SIM cards are PIN-protected by default.
#6 Updated by intrigeri 2016-07-26 08:21:23
- Description updated
#7 Updated by intrigeri 2016-07-26 08:40:03
I’ve used Debian’s codesearch to look for operations that rely on org.freedesktop.ModemManager1.Device.Control for authorization (relevant macro: MM_AUTHORIZATION_DEVICE_CONTROL). All results are in ModemManager. Here are these operations:
- changing, enabling, sending the PIN
- sending the PUK
- connecting/disconnecting some types of modems
- setting up some types of modems
- some firmware operations
- some geolocation / GPS operations
- some 3G network scanning operations
So at first glance, that PolicyKit authorization is quite powerful. It looks like at least with some hardware, it basically allows getting the user’s very precise location. So, I’m not convinced that we should give all programs running as the amnesia user the power to silently use it. At least we should evaluate the security impact better before we do that. Now, perhaps Wi-Fi networks enumeration, as exposed by NetworkManager, already gives the same info to an attacker who would run arbitrary code as the amnesia user?
#8 Updated by intrigeri 2016-07-26 08:41:27
- Assignee deleted (intrigeri)
- QA Check deleted (Info Needed)
#9 Updated by intrigeri 2016-07-26 08:45:21
Next steps:
- document how one can use such hardware with current Tails: goupille, can you please check with sajolida what should be done on this side?
- either do the security research I’m suggesting above, or even better (likely less work, better resulting security for Tails users, and nicer consequences for other, non-Tails free software users): suggest ModemManager upstream to split this operation (send PIN) into another PolicyKit action, that we can more safely allow the desktop user to perform.
Having clarified how the problem could be solved: /me, out :)
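The trade-off discussed in comments #3, #7 and #9, as an added example that is not part of the ticket and is not Tails or ModemManager code: a small audit that reads polkit `.policy` XML and reports what an active-session user gets for each action. The sample policy is constructed; only the first action id and its `allow_active` value come from this ticket, and the second action (`org.example.Modem.SendPin`, a split-out "send PIN" action) is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the polkit .policy format. The first action id and its
# allow_active value are quoted in this ticket; the other defaults and the
# second action (a split-out "send PIN" action) are hypothetical.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.freedesktop.ModemManager1.Device.Control">
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_self_keep</allow_active>
    </defaults>
  </action>
  <action id="org.example.Modem.SendPin">
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
</policyconfig>"""

def classify(allow_active, user_has_password):
    """Outcome of one action for a subject in the active local session."""
    if allow_active == "yes":
        return "silent"        # granted without a prompt to any program of that user
    if allow_active == "no":
        return "denied"
    if allow_active in ("auth_self", "auth_self_keep"):
        # The user must type their own password; with none set, this cannot succeed.
        return "prompt" if user_has_password else "blocked"
    if allow_active in ("auth_admin", "auth_admin_keep"):
        return "admin-prompt"
    raise ValueError(f"unknown polkit default: {allow_active!r}")

def audit(policy_xml, user_has_password=False):
    """Map each action id in the policy to its outcome for an active-session user."""
    result = {}
    for action in ET.fromstring(policy_xml).iter("action"):
        # Assumption: a missing <allow_active> is read conservatively as "no".
        value = (action.findtext("defaults/allow_active") or "no").strip()
        result[action.get("id")] = classify(value, user_has_password)
    return result

if __name__ == "__main__":
    for action_id, outcome in audit(SAMPLE_POLICY).items():
        print(f"{outcome:8} {action_id}")
```

With no user password, the `Device.Control` action comes out as `blocked` (the behaviour reported here), while anything marked `silent` is usable by every program running as that user, which is the exposure comment #7 wants evaluated before relaxing the default.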
#10 Updated by Anonymous 2018-08-17 15:36:38
- Assignee set to sajolida
Can you please check if this could be documented?
#11 Updated by Anonymous 2018-08-17 15:36:47
- QA Check set to Info Needed
#12 Updated by sajolida 2018-09-09 17:50:31
- Assignee changed from sajolida to goupille
- QA Check deleted (Info Needed)
- Type of work changed from Research to Test
Seeing that this issue was originally opened 2 years ago, we should test again before documenting anything.
I understand that this happens when plugging a USB broadband dongle in Tails. I don’t have such hardware.
goupille: Do you? Does this still happen on Tails 3.9? If you don’t have this hardware, I think we should reject this ticket.
#13 Updated by goupille 2018-12-25 16:50:22
- Status changed from Confirmed to Rejected
- Assignee deleted (goupille)
I took the time to test that, and it doesn’t happen anymore with Tails 3.11, hence I reject that ticket.