Jouni Malinen <j w1 fi> writes:

> On Mon, Jul 28, 2008 at 07:26:12AM -0400, Dan Williams wrote:
>
>> However, the supplicant does need to be able to poke wireless stuff that
>> requires root privs, so there may need to be privilege separation or
>> something like that within the supplicant like you suggest. But you
>> don't need to do _all_ crypto in the user session, you only need to run
>> the bits that derive the TLS session key (and rekeys perhaps) since
>> those are the only bits that really require the user secrets directly.
>
> wpa_supplicant 0.6.x has support for privilege separation that allows
> the wpa_supplicant process to be run as any user (wpa_priv process will
> be used for operations that require root access). Actually, this moves
> even more than all crypto into non-root user context.

Can this already be used for pkcs#11 operations?

- dds