Page MenuHomeSolus

Don't trust open network connections
Closed, WontfixPublic

Description

This is a feature request, so tag as appropriate.

What I mean is please ask the user for permission before connecting to open Ethernet, USB Ethernet, or Wifi which doesn't require a password. If you're wondering why, google "PoisonTap". Technically, it's the user's fault for allowing HTTP traffic at all, but in the real world, most people do that, so this would seem to be a reasonable protective step.

Event Timeline

JoshStrobl triaged this task as Normal priority.Nov 23 2016, 2:53 AM
JoshStrobl edited projects, added Software; removed Triage Team.
JoshStrobl moved this task from Backlog to Improvement on the Software board.
baimafeima added a subscriber: ikey.EditedDec 15 2016, 3:37 AM

What I mean is please ask the user for permission before connecting to open Ethernet, USB Ethernet, or Wifi which doesn't require a password.

We talked about this a bit on IRC. @ikey

I remember you mentioned the idea of a general policy editor some time back when I asked about superuser rights in the SC: https://dev.solus-project.com/T1009

Do you think such a policy editor could be implemented as part of a dedicated security setting in the new control center which could then handle specific requests such as this one? If I remember correctly, you said that Wifi security must be addressed on the networkmanager level?

In any case, I absolutely support a granular approach to handling authentication, authorizations and permissions in Solus. A fine-grained system (perhaps through security profiles from low to medium to high?) would allow individual customizations on these matters of security without making this overly complicated.

baimafeima added a project: Restricted Project.Jan 3 2018, 8:16 AM
DataDrake closed this task as Wontfix.Mar 16 2018, 7:27 PM
DataDrake claimed this task.
DataDrake added a subscriber: DataDrake.

Until such a time as we take on the responsibility of implementing a policy manager, there is nothing to be done about this. At such a time, implementing similar functionality will be self-evident.