Security Issue: How secure is sending confidential credentials via wpa_cli type interface?

Bryan Kadzban bryan
Sat Aug 5 12:24:35 PDT 2006

Jouni Malinen wrote:
> In many ways, this new mechanisms brings same level of support for
> Windows builds that was available with Linux and BSD builds. I will
> likely replace UDP-based mechanism with named pipe -based one as the
> default option in future releases after the new code has received
> some more testing.

A thought on the security of the pipe(s):

When you add support for securing them, it would probably be the easiest
from a code perspective to let the config file use an SDDL string to set
up the permissions.  You can use [1] to convert that SDDL string into a
new security descriptor (which would become the lpSecurityDescriptor
member of the SECURITY_ATTRIBUTES structure passed to CreateNamedPipe).

See also [2], MSDN's page on the SDDL language.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : 

More information about the Hostap mailing list