Platform Tests for the recent supplicant (with pipes)

Jouni Malinen jkmaline
Sun Sep 10 13:03:21 PDT 2006


On Sat, Sep 02, 2006 at 03:26:30PM -0700, George S. Lockwood wrote:

> Finally, re: security and control.  Yes, just how much control can be
> developed into dlls and apps? Ultimately, for any dll / app to be
> useful, some degree of freedom and thus exposure must be present.  How
> can we stop malicious misuse of our apps by crackers and still develop
> useful tools and apps for the rest of us?

By restricting the access to the control interface (e.g., named pipes),
not by trying to obscure the command names..

> I believe in developing SECURE, functional, and useful dlls and apps
> with safeguards AND the ability to easily customize "open" source code
> so it is different enough from the base so that miscreants cannot
> leverage their lookalike code/apps to intrude and cause disruptive or
> larcenous behaviors.  E.g. how can we prevent another cli type app
> built around the same supplicant to be started and interfere with our
> cli's usage of that supp?

Renaming the commands is just security by obscurity and I have no
interest in supporting that; it does not increase security in any
meaningful amount. If the same user has access to two different programs
that would be using the same interface, he/she can use either program.
The access control is on who (user) can do this, not on what program
they can use to do it.

> And actually the biggest new feature of Vista will be the monitoring
> of apps and their usage of (intrusions into) sensitive areas of the os
> and overall system.  There will be denial to access and reporting of
> statistics.  Vista may be flashier but it will be very controlling re:
> security issues.

Yes, and almost completely impossible to use due to N+1 questions
popping up when trying to do anything.. That will just make users ignore
the questions and accept anything and the end result is that users may
be less likely to notice security issues because of too many warnings..

-- 
Jouni Malinen                                            PGP id EFC895FA
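
The reply's point that access is decided per user and not per program, as an added example that is not part of the original message or of wpa_supplicant's code. It models the Unix-domain-socket counterpart of a control interface (the thread itself concerns Windows named pipes); the socket name `wlan0`, the function names and the sample directories are hypothetical and constructed for illustration.

```python
import os
import stat
import tempfile

def _class_bits(st, uid, gids):
    """Pick the one rwx triplet (owner, group or other) that applies to this user."""
    mode = stat.S_IMODE(st.st_mode)
    if uid == st.st_uid:
        return (mode >> 6) & 7
    if st.st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def can_connect(uid, gids, ctrl_dir, sock_name):
    """True if this user may reach and connect to the socket, by mode bits alone.

    Connecting needs search (x) on the directory and write (w) on the socket.
    Note there is no "which program" argument: only the user's identity counts.
    Ignores ACLs, parent directories and capabilities other than uid 0.
    """
    if uid == 0:
        return True
    dir_bits = _class_bits(os.stat(ctrl_dir), uid, gids)
    sock_bits = _class_bits(os.stat(os.path.join(ctrl_dir, sock_name)), uid, gids)
    return bool(dir_bits & 1) and bool(sock_bits & 2)

def build_sample(dir_mode, sock_mode):
    """Constructed sample: temp directory with a plain file standing in for the socket."""
    d = tempfile.mkdtemp()
    path = os.path.join(d, "wlan0")
    open(path, "w").close()
    os.chmod(path, sock_mode)
    os.chmod(d, dir_mode)
    return d

def report(ctrl_dir, sock_name="wlan0"):
    """Who can use the interface: its owner, a group member, any other user."""
    st = os.stat(ctrl_dir)
    owner, group = st.st_uid, st.st_gid
    other_uid, other_gid = owner + 1000, group + 1000  # hypothetical unrelated ids
    return {
        "owner": can_connect(owner, {group}, ctrl_dir, sock_name),
        "group_member": can_connect(other_uid, {group}, ctrl_dir, sock_name),
        "other_user": can_connect(other_uid, {other_gid}, ctrl_dir, sock_name),
    }
```

A directory mode of 0750 limits the interface to the owner and the group even when the socket file itself is world-writable, which is the restriction the reply recommends over renaming commands.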
