Security Issue: How secure is sending confidential credentials via wpa_cli type interface?
bryan at kadzban.is-a-geek.net
Sat Aug 5 15:24:35 EDT 2006
Jouni Malinen wrote:
> In many ways, this new mechanisms brings same level of support for
> Windows builds that was available with Linux and BSD builds. I will
> likely replace UDP-based mechanism with named pipe -based one as the
> default option in future releases after the new code has received
> some more testing.
A thought on the security of the pipe(s):
When you add support for securing them, it would probably be the easiest
from a code perspective to let the config file use an SDDL string to set
up the permissions. You can use  to convert that SDDL string into a
new security descriptor (which would become the lpSecurityDescriptor
member of the SECURITY_ATTRIBUTES structure passed to CreateNamedPipe).
See also , MSDN's page on the SDDL language.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20060805/6323aa80/attachment.pgp
More information about the HostAP