setEnvironmentVariable DBus method for wpasupplicant
Jouni Malinen
j
Wed Jul 30 05:44:05 PDT 2008
On Tue, Jul 29, 2008 at 02:59:54PM +0900, David Smith wrote:
> Jouni Malinen <j at w1.fi> writes:
> > wpa_supplicant 0.6.x has support for privilege separation that allows
> > the wpa_supplicant process to be run as any user (wpa_priv process will
> > be used for operations that require root access). Actually, this moves
> > even more than all crypto into non-root user context.
> Can this already be used for pkcs#11 operations?
If it is alright for the system to run wpa_supplicant as the current
user (however that is defined in multiuser systems..), yes, PKCS#11
operations would indeed be run as a non-root user along with all the
other authentication functionality. This would require that whatever is
starting wpa_supplicant knows how to start it with the current user,
though, since wpa_supplicant itself does not do use setuid() (etc.) to
change the UID.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list