Closed
Bug 831948
Opened 11 years ago
Closed 11 years ago
WiFi Tethering should default to WPA2
Categories
(Firefox OS Graveyard :: Gaia::Settings, defect)
Tracking
(blocking-b2g:-, b2g18+ wontfix, b2g18-v1.0.1 wontfix, b2g-v1.1hd wontfix, b2g-v1.2 fixed, b2g-v1.3 fixed)
People
(Reporter: st3fan, Assigned: arroway)
References
Details
(Keywords: sec-want)
Attachments
(1 file, 2 obsolete files)
897 bytes,
patch
|
kaze
:
review+
|
Details | Diff | Splinter Review |
WiFi Tethering should default to WPA. There is no reason the default should be wide open as setting up WPA is super simple.
Reporter | ||
Updated•11 years ago
|
Summary: WiFi Tethering should default to WPA → WiFi Tethering should default to WPA2
Reporter | ||
Updated•11 years ago
|
blocking-b2g: --- → tef?
Comment 2•11 years ago
|
||
Comment on attachment 704598 [details] [review] Link to pull request Your pull request currently includes your patch for bug 797661, please fix this and r? me again.
Attachment #704598 -
Flags: review?(kaze) → review-
Reporter | ||
Comment 3•11 years ago
|
||
Fixed the commit. Is now just a fix for this specific bug. New pull request is attached.
Attachment #704598 -
Attachment is obsolete: true
Attachment #704637 -
Flags: review?(kaze)
Reporter | ||
Comment 4•11 years ago
|
||
I'm posting this while being tethered to my B2G phone with this patch applied. This works really well. (Although slow on Edge) (I also have 797661 applied so I was given a nice to remember password to connect)
Updated•11 years ago
|
Attachment #704637 -
Flags: review?(kaze) → review+
Reporter | ||
Comment 6•11 years ago
|
||
Tony, any way i can change your mind? We think this is an important improvement.
Comment 7•11 years ago
|
||
Comment on attachment 704637 [details] [review] Link to pull request [Approval Request Comment] Bug caused by (feature/regressing bug #): n/a User impact if declined: poor protection when tethering over wifi Testing completed: manual Risk to taking this patch (and alternatives if risky): low
Attachment #704637 -
Flags: approval-gaia-master?(21)
Reporter | ||
Updated•11 years ago
|
tracking-b2g18:
--- → ?
Updated•11 years ago
|
Comment 8•11 years ago
|
||
Comment on attachment 704637 [details] [review] Link to pull request Nice to have, low risk patch - please go ahead with uplift to v1-train and v1.0.0
Attachment #704637 -
Flags: approval-gaia-v1?(21) → approval-gaia-v1+
Comment 9•11 years ago
|
||
Can we land this?
Assignee: nobody → sarentz
Status: NEW → ASSIGNED
Flags: needinfo?(sarentz)
OS: Mac OS X → Gonk (Firefox OS)
Hardware: x86 → ARM
Reporter | ||
Comment 10•11 years ago
|
||
Please land this. I'm on paternity leave, but :kaze can assist.
Flags: needinfo?(sarentz)
Comment 11•11 years ago
|
||
Re-nom'ing this since it seems it was approved above, but then fell off the radar. Patch is ready and low risk. Literally just changing: - "tethering.wifi.security.type": "open", + "tethering.wifi.security.type": "wpa2-psk", in build/settings.py If this isn't appropriate, please just let me know. Just want to make sure that this wasn't just accidentally overlooked.
blocking-b2g: - → leo?
Comment 12•11 years ago
|
||
This has approval, and should have been uplifted, but it's still not a shipping blocker so we'll track here for v1-train. Our auto-uplift driver should catch this.
Reporter | ||
Updated•11 years ago
|
Blocks: b2gGaiaSecurity
Updated•11 years ago
|
Attachment mime type: text/plain text/plain → text/x-github-pull-request text/x-github-pull-request
Reporter | ||
Comment 13•11 years ago
|
||
I'm not in B2G engineering so I am unassigning myself. Hopefully someone can include this patch.
Assignee: sarentz → nobody
Status: ASSIGNED → NEW
Assignee | ||
Updated•11 years ago
|
Assignee: nobody → stephouillon
Assignee | ||
Comment 14•11 years ago
|
||
New pull request since settings.py has moved to settings.js: https://github.com/mozilla-b2g/gaia/pull/14609
Attachment #704637 -
Attachment is obsolete: true
Attachment #8346494 -
Flags: review?(kaze)
Comment 15•11 years ago
|
||
Comment on attachment 8346494 [details] [diff] [review] tethering_wpa2.patch Thanks Stéphanie. Next time, please provide a github PR so we can get the Travis results before merging. I’m nowhere near a security expert, but maybe you’ll want to open another bug to have a less obvious password by default? I’m a bit worried that the user might think his connection is properly secured with WPA2, without having to set a proper password first… UX might help on this subject, too.
Attachment #8346494 -
Flags: review?(kaze) → review+
Comment 16•11 years ago
|
||
(In reply to Fabien Cazenave [:kaze] from comment #15) > I’m nowhere near a security expert, but maybe you’ll want to open another > bug to have a less obvious password by default? I just saw bug 797661, please ignore this comment.
Assignee | ||
Comment 17•11 years ago
|
||
(In reply to Fabien Cazenave [:kaze] from comment #15) > Comment on attachment 8346494 [details] [diff] [review] > tethering_wpa2.patch > > Thanks Stéphanie. Next time, please provide a github PR so we can get the > Travis results before merging. > I don't understand what you mean: I did provide a github PR at the same time as the patch (link in comment 14)?
Assignee | ||
Updated•11 years ago
|
Keywords: checkin-needed
Comment 18•11 years ago
|
||
Master: https://github.com/mozilla-b2g/gaia/commit/47266e33ea9f48c61c6cc8697999ede8477fe20e
Status: NEW → RESOLVED
Closed: 11 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → 1.3 C1/1.4 S1(20dec)
Comment 19•11 years ago
|
||
This bug was partially uplifted. Uplifted 47266e33ea9f48c61c6cc8697999ede8477fe20e to: v1.3: 5f21afd617054297d07e5de8e6dfba3f73b6562f v1.2: 4f1c06318ad7c0134e965de90a0a4a64e8eaa6e3 Commit 47266e33ea9f48c61c6cc8697999ede8477fe20e didn't uplift to branch v1-train
status-b2g-v1.2:
--- → fixed
status-b2g-v1.3:
--- → fixed
Comment 20•10 years ago
|
||
Is this something that needs to land on v1.1 still? IIUC, v1.1.x is only taking security updates now.
Flags: needinfo?(stephouillon)
Comment 21•10 years ago
|
||
Paul, do we need this on v1-train for v1.1.x still?
Flags: needinfo?(ptheriault)
Assignee | ||
Comment 22•10 years ago
|
||
Ryan,if it can be uplifted to 1.1.x, that would be nice of course. Did it fail because the code is incompatible and I need to write another patch for this version. As for the security updates, I'm not too familiar with the process usually: after discussing it with Paul, at the moment we think this bug is not critical enough to ship a security update to the partner.
Flags: needinfo?(stephouillon)
Flags: needinfo?(ptheriault)
Comment 23•10 years ago
|
||
Presumably there were merge conflicts with v1-train, so if this is wanted, you'll need a new patch. However, you'll probably want to get the "is it still wanted for a v1.1.x release?" question answered by Preeti or Bhavana first.
Flags: needinfo?(praghunath)
Flags: needinfo?(bbajaj)
Comment 24•10 years ago
|
||
(In reply to Ryan VanderMeulen [:RyanVM UTC-5] from comment #23) > Presumably there were merge conflicts with v1-train, so if this is wanted, > you'll need a new patch. However, you'll probably want to get the "is it > still wanted for a v1.1.x release?" question answered by Preeti or Bhavana > first. We generally tend to uplift sec-high,sec-crit or a critical crash regression. For the rest, we go by the security team recommendation. Given comment #22 I think its ok to wontfix on 1.1.x.
Flags: needinfo?(praghunath)
Flags: needinfo?(bbajaj)
Updated•10 years ago
|
status-b2g-v1.1hd:
--- → wontfix
You need to log in
before you can comment on or make changes to this bug.
Description
•