[PATCH] DBus: publish keys in network properties

Jouni Malinen j
Tue Dec 28 02:21:11 PST 2010


On Fri, Dec 17, 2010 at 05:43:48PM +0100, Johannes Berg wrote:
> Yes, I suppose we could limit it to provisioned networks -- but is it
> worth it, and can we easily tell the difference? I think we only expose
> the DBus interface to root, presumably root can read the config file
> anyway, or "remember" what was configured before over DBus?

Another application may have configured the network and there may be
an assumption that the configured password (etc.) is safe since
wpa_supplicant has not exposed those to external programs in the past.
Sure, root could use a debugger etc. to break into the process, but
ignoring such raw access, this change here would be changing the assumed
behavior on passwords/PINs/passphrases.

I would expect struct wpa_ssid variable p2p_group to indicate that a
specific network is suitable for exposing the passphrase for the P2P case.
For WPS, we may need to add something similar (or well, maybe just make
it generic and handle both of those with the new variable in struct
wpa_ssid indicating that passwords etc. can be exposed over D-Bus or
other similarly restricted interfaces).

-- 
Jouni Malinen                                            PGP id EFC895FA
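
The gating suggested in the message above, as an added example that is not part of the original mail and is not wpa_supplicant code: a property serializer that omits secret fields unless the network block is marked as exportable. struct net_cfg, the export_secrets flag and build_properties() are hypothetical names; only p2p_group is taken from the mail.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified network block; NOT wpa_supplicant's struct wpa_ssid. */
struct net_cfg {
    const char *ssid;
    const char *passphrase;  /* secret */
    const char *wps_pin;     /* secret */
    int p2p_group;           /* set when the block was created as a P2P group */
    int export_secrets;      /* assumed generic opt-in flag (e.g. for WPS) */
};

struct prop { const char *key; const char *val; int secret; };

/* Secrets leave the process only for blocks explicitly marked as exportable. */
static int may_export_secrets(const struct net_cfg *n)
{
    return n->p2p_group || n->export_secrets;
}

/* Serialize the externally visible properties as "key=value\n" lines.
 * Returns bytes written, or -1 if buf is too small (buf is then zeroed so
 * no partial secret is left behind). */
int build_properties(const struct net_cfg *n, char *buf, size_t len)
{
    const struct prop props[] = {
        { "ssid", n->ssid, 0 },
        { "psk", n->passphrase, 1 },
        { "pin", n->wps_pin, 1 },
    };
    size_t used = 0, i;

    if (len == 0)
        return -1;
    buf[0] = '\0';
    for (i = 0; i < sizeof(props) / sizeof(props[0]); i++) {
        int r;
        if (!props[i].val || (props[i].secret && !may_export_secrets(n)))
            continue;  /* default: secret fields are simply absent */
        r = snprintf(buf + used, len - used, "%s=%s\n", props[i].key, props[i].val);
        if (r < 0 || (size_t)r >= len - used) {
            memset(buf, 0, len);
            return -1;
        }
        used += (size_t)r;
    }
    return (int)used;
}
```

A block configured by another application (both flags zero) serializes to its SSID only, which preserves the behavior callers have assumed so far.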


