potential bug in wpa_cli
npiazza at disroot.org
npiazza at disroot.org
Wed Feb 26 17:47:07 PST 2025
If wpa_supplicant runs as non-root user (with CAP_NET_RAW and
CAP_NET_ADMIN), it is unable to reply to wpa_cli, when wpa_cli is run
by a user in control_interface_group. It only works if either wpa_cli
is run by the same user that runs wpa_supplicant, or if it is run as
umask 0; wpa_cli
or if we give wpa_supplicant also CAP_DAC_OVERRIDE.
It seems wpa_cli on Linux creates sockets in /tmp with the wrong uid/gid
for wpa_supplicant to access them. See the original Debian bug report:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031375
Is there any suggested fix or advice from upstream?
More information about the Hostap
mailing list