Re: setEnvironmentVariable DBus method for wpasupplicant

From: Jouni Malinen <j w1 fi>
To: Dan Williams <dcbw redhat com>
Cc: hostap lists shmoo com, stef memberwebs com, networkmanager-list gnome org
Subject: Re: setEnvironmentVariable DBus method for wpasupplicant
Date: Tue, 29 Jul 2008 08:24:11 +0300

On Mon, Jul 28, 2008 at 07:26:12AM -0400, Dan Williams wrote:

> However, the supplicant does need to be able to poke wireless stuff that
> requires root privs, so there may need to be privilege separation or
> something like that within the supplicant like you suggest.  But you
> don't need to do _all_ crypto in the user session, you only need to run
> the bits that derive the TLS session key (and rekeys perhaps) since
> those are the only bits that really require the user secrets directly.

wpa_supplicant 0.6.x has support for privilege separation that allows
the wpa_supplicant process to be run as any user (wpa_priv process will
be used for operations that require root access). Actually, this moves
even more than all crypto into non-root user context.

-- 
Jouni Malinen                                            PGP id EFC895FA

Follow-Ups:
- Re: setEnvironmentVariable DBus method for wpasupplicant
  - From: David Smith

References:
- setEnvironmentVariable DBus method for wpasupplicant
  - From: David Smith
- Re: setEnvironmentVariable DBus method for wpasupplicant
  - From: Dan Williams
- Re: setEnvironmentVariable DBus method for wpasupplicant
  - From: Stef
- Re: setEnvironmentVariable DBus method for wpasupplicant
  - From: Dan Williams
- Re: setEnvironmentVariable DBus method for wpasupplicant
  - From: David Smith
- Re: setEnvironmentVariable DBus method for wpasupplicant
  - From: Stef
- Re: setEnvironmentVariable DBus method for wpasupplicant
  - From: David Smith
- Re: setEnvironmentVariable DBus method for wpasupplicant
  - From: Dan Williams

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]