#defines for the Command strings

George S. Lockwood gslockwood
Fri Sep 1 10:05:08 PDT 2006 

The kernel of the idea was to prevent an outsider to command the
service or supplicant.  If pipes are absolutely secure then I agree,
there may not be any issue for concern.

my idea, via obscuring commands, was just a means to customize command
so that only a person with access to the code modules would know how
to control the service/supplicant.

I'm really just trying to think like a malicious person and to find
ways to cause misbehavior.

I believe One GIANT security risk is already handled by you!  That
would be the use of the "SAVE_CONFIG" command.  If this is for saving
the network definitions back to the config text file -including
confidential credential info, this is dangerous.  BUT when I tried
that a few weeks ago, the supplicant prevented the attempt and did not
save.  I didn't investigate, but I believe I saw a message that made
me think the supplicant must be initized in some way to ALLOW this
command to proceed.  And I'm not even sure what actually would be
written to the text file -confidential info or not.


anyway, for my purposes, the supplicant/ service must be used by my
wpa_cli adapted app and not by any other means.  Maybe I don't need to
be concerned, maybe we should be.


george



On 9/1/06, Jouni Malinen <jkmaline at cc.hut.fi> wrote:
> On Fri, Sep 01, 2006 at 07:53:32AM -0700, George S. Lockwood wrote:
>
> > Along the lines of the new #define WPA_SUPPLICANT_NAMED_PIPE which
> > could be defined in a common header such as build_config.h -GREAT,  I
> > believe it also a good idea to #define the command strings (e.g.
> > "ADD_NETWORK" & "LIST_NETWORKS", et al.) in that or a new header file.
> >
> > like:
> >
> > #define ADD_NETWORK  "ADD_NETWORK"
> >
> > then replace the references to "ADD_NETWORK" with ADD_NETWORK.
>
> If this was done to remove constants from the code, that could be
> possible. However..
>
> > this is for security purposes.
>
> If this is done to change those values with this claim, I do not plan on
> doing it. I'm not a huge fan of security by obscurity. If you believe
> there is a security problem here, please describe the problem and let's
> try to get a reasonable solution for it. Just replacing the command
> strings does not provide security.
>
> --
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>

More information about the Hostap mailing list