setEnvironmentVariable DBus method for wpasupplicant

Jouni Malinen j
Wed Jul 30 05:44:05 PDT 2008


On Tue, Jul 29, 2008 at 02:59:54PM +0900, David Smith wrote:
> Jouni Malinen <j at w1.fi> writes:
> > wpa_supplicant 0.6.x has support for privilege separation that allows
> > the wpa_supplicant process to be run as any user (wpa_priv process will
> > be used for operations that require root access). Actually, this moves
> > even more than all crypto into non-root user context.

> Can this already be used for pkcs#11 operations?

If it is alright for the system to run wpa_supplicant as the current
user (however that is defined in multiuser systems..), yes, PKCS#11
operations would indeed be run as a non-root user along with all the
other authentication functionality. This would require that whatever is
starting wpa_supplicant knows how to start it with the current user,
though, since wpa_supplicant itself does not do use setuid() (etc.) to
change the UID.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list