Date: Thu, 27 Nov 2014 16:04:04 +0200
From: Jouni Malinen <j@...fi>
To: John Spencer <maillist-hostap@...fooze.de>
Cc: hostap@...ts.shmoo.com, sabotage@...ts.openwall.com
Subject: Re: [RFC][PATCH] wpa-supplicant: add capability to run action script
 directly

On Thu, Nov 27, 2014 at 01:59:04PM +0100, John Spencer wrote:
> Instead of having to run wpa_cli as a service to be able to execute
> an action script on CONNECT/DISCONNECT events (for the purpose of being
> able to get a DHCP address or assign one manually), it is much simpler
> and less resource-consuming to just run the action script directly from
> wpa_supplicant, which runs anyway.

This is against the policy of avoiding any external programs from being
started by wpa_supplicant (or hostapd for that matter). That control
interface-based design was used exactly to be able to avoid this type of
change.

In addition to that specific policy, blocking wpa_supplicant here:

> +		} else {
> +			int loc;
> +			waitpid(child, &loc, 0);
> +		}
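
Review bot: the waitpid(child, &loc, 0) call in the else branch passes no
WNOHANG, so the parent stalls until the action script exits, and neither the
return value of waitpid() nor the status stored in loc is checked, so an
interrupted wait (EINTR) or a non-zero script exit goes unnoticed. Suggest
reaping the child without blocking, for example from a SIGCHLD handler or with
waitpid(child, &loc, WNOHANG) retried later, and inspecting the status with
WIFEXITED()/WEXITSTATUS() before treating the script as having succeeded.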

would be undesirable. There are a number of operations (e.g., replying to
4-way handshake immediately after association or replying to some action
frames after completion of 4-way handshake) that should not be delayed.

-- 
Jouni Malinen                                            PGP id EFC895FA
