Bug #11544: GNOME ask for a password to enable PIN protected broadband connection

Bug #11544

GNOME ask for a password to enable PIN protected broadband connection

Added by goupille 2016-06-23 09:32:20 . Updated 2018-12-25 16:50:22 .

Status:

Rejected

Priority:

Normal

Assignee:

Category:

Target version:

Start date:

2016-06-23

Due date:

% Done:

Feature Branch:

Type of work:

Test

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

after being prompted for the PIN code of the simcard, the user is asked for the “debian live administrator password” (not the same prompt that the one you get when starting a root terminal). if the user does not enter the administrator password set in the greeter, the mobile broadband connection is not enabled.

note that when using a sim card with no PIN code protection, the user is not asked for that administrator password.

In other words:

Given I have started Tails
And I have not set an administration password
When I set up a mobile broadband connection not protected by a PIN
Then I am not asked for any password whatsoever
And I am connected to the Internet

… is deemed correct, while:

Given I have started Tails
And I have not set an administration password
When I try to set up a mobile broadband connection that is protected by a PIN
Then I am asked for a password
And I cannot connect to the Internet

… is a problem.

Files

screenshot-mobile-broadband.png (172520 B)

goupille, 2016-07-24 04:11:19

Subtasks

History

#1 Updated by intrigeri 2016-07-16 06:12:37

Assignee changed from intrigeri to goupille
QA Check set to Info Needed

> after being prompted for the PIN code of the simcard, the user is asked for the “debian live administrator password” (not the same prompt that the one you get when starting a root terminal).

What’s written in the window that asks the password, exactly? (I need a screenshot or the complete text.)

#2 Updated by goupille 2016-07-24 04:11:35

File screenshot-mobile-broadband.png added
Assignee changed from goupille to intrigeri

here is a screenshot. note that even my locale is fr, the text is in english.

#3 Updated by intrigeri 2016-07-25 02:08:37

Subject changed from Gnome ask for an administrator password to enable PIN protected broadband connection to GNOME ask for a password to enable PIN protected broadband connection

goupille wrote:
> here is a screenshot. note that even my locale is fr, the text is in english.

… except the window title, that’s in French (see the bottom bar). Whatever, I’ve found it. At least on sid it’s the org.freedesktop.ModemManager1.Device.Control PolicyKit action, and the requested password is the user’s one (<allow_active>auth_self_keep</allow_active>). I don’t know what we should do about this one. On the one hand, if ModemManager requires authentification for this action, there must be some risk coming with it (it would be good to check which one exactly). OTOH, given by default the amnesia user has no password, in practice the current situation implies that one needs to set an administrator password to be able to use such a broadband connection, which sucks I guess.

#4 Updated by intrigeri 2016-07-25 02:21:33

Assignee changed from intrigeri to goupille

Hi again!

Is my understanding correct that what happens currently is:

Given I have started Tails
And I have not set an administration password
When I set up a mobile broadband connection not protected by a PIN
Then I am not asked for any password whatsoever
And I am connected to the Internet

vs.

Given I have started Tails
And I have not set an administration password
When I try to set up a mobile broadband connection that is protected by a PIN
Then I am asked for a password
And I cannot connect to the Internet

#5 Updated by goupille 2016-07-26 06:05:12

Assignee changed from goupille to intrigeri

your understanding is correct.

note that a lot of SIM card are pin protected by default.

#6 Updated by intrigeri 2016-07-26 08:21:23

Description updated

#7 Updated by intrigeri 2016-07-26 08:40:03

I’ve used Debian’s codesearch to look for operations that relies on org.freedesktop.ModemManager1.Device.Control for authorization (relevant macro: MM_AUTHORIZATION_DEVICE_CONTROL). All results are in ModemManager. Here are these operations:

changing, enabling, sending the PIN
sending the PUK
connecting/disconnecting some types of modems
setting up some types of modems
some firmware operations
some geolocation / GPS operations
some 3G network scanning operations

So at first glance, that PolicyKit authorization is quite powerful. It looks like at least with some hardware, it basically allows getting the user’s very precise location. So, I’m not convinced that we should give all programs running as the amnesia user the power to silently use it. At least we should evaluate the security impact better before we do that. Now, perhaps Wi-Fi networks enumeration, as exposed by NetworkManager, already gives the same info to an attacker who would run arbitrary code as the amnesia user?

#8 Updated by intrigeri 2016-07-26 08:41:27

Assignee deleted (~~intrigeri~~)
QA Check deleted (~~Info Needed~~)

#9 Updated by intrigeri 2016-07-26 08:45:21

Next steps:

document how one can use such hardware with current Tails: goupille, can you please check with sajolida what should be done on this side?
either do the security research I’m suggesting above, or even better (likely less work, better resulting security for Tails users, and nicer consequences for other, non-Tails free software users): suggest ModemManager upstream to split this operation (send PIN) into another PolicyKit action, that we can more safely allow the desktop user to perform.

Having clarified how the problem could be solved: /me, out :)

#10 Updated by Anonymous 2018-08-17 15:36:38

Assignee set to sajolida

Can you please check if this could be documented?

#11 Updated by Anonymous 2018-08-17 15:36:47

QA Check set to Info Needed

#12 Updated by sajolida 2018-09-09 17:50:31

Assignee changed from sajolida to goupille
QA Check deleted (~~Info Needed~~)
Type of work changed from Research to Test

Seeing that this issue was originally open 2 years ago, we should test again before documenting anything.

I understand that this happens when plugging a USB broadband dongle in Tails. I don’t have such hardware.

goupille: Do you? Does this still happen on Tails 3.9? If you don’t have this hardware, I think we should reject this ticket.

#13 Updated by goupille 2018-12-25 16:50:22

Status changed from Confirmed to Rejected
Assignee deleted (~~goupille~~)

I took the time to test that, and it doesn’t happen anymore with tails 3.11, hence I reject that ticket.