Security Issue: How secure is sending confidential credentials via wpa_cli type interface?

[Jouni Malinen]

On Sat, Aug 05, 2006 at 03:24:35PM -0400, Bryan Kadzban wrote:

> A thought on the security of the pipe(s):
> 
> When you add support for securing them, it would probably be the easiest
> from a code perspective to let the config file use an SDDL string to set
> up the permissions.  You can use [1] to convert that SDDL string into a
> new security descriptor (which would become the lpSecurityDescriptor
> member of the SECURITY_ATTRIBUTES structure passed to CreateNamedPipe).

Yes, that sounds like a good idea. I'm not at all familiar with the way
Windows security parameters are set, so for now, I just left the
SECURITY_ATTRIBUTES parameter NULL for default values. Anyway, I was
planning on changing the access control configuration to use a string
even for UNIX domain sockets (which is now using path and group id as
the parameters). That kind of change should fit in well with this SDDL
change, too.

This won't be available for Windows 9x/ME, but then again, some of the
named pipe features seemed to already go beyond the 9x support.

> See also [2], MSDN's page on the SDDL language.

That's quite a useful reference, too. I had no idea what kind of string
format would be used here, but as long as I can find a suitable example
string, that should be all that's needed to test this ;-).

-- 
Jouni Malinen                                            PGP id EFC895FA