setEnvironmentVariable DBus method for wpasupplicant
dds at google.com
Thu Jul 24 01:15:37 EDT 2008
Stef <stef at memberwebs.com> writes:
> David Smith wrote:
>> Stef <stef at memberwebs.com> writes:
>>> David Smith wrote:
>>>> For implementing PKCS#11 support in the network manager gnome applet
>>>> using gnome keyring as the backing store, it's necessary to tell
>>>> wpasupplicant the environment variable of GNOME_KEYRING_SOCKET before
>>>> loading the gnome keyring PKCS#11 library. This socket will be protected
>>>> to the local user, but since wpasupplicant must run as root, it should
>>>> be able to access it and indeed it must.
>>> Not sure how we plan to address this. gnome-keyring doesn't currently
>>> support access by root to its sockets.
>> Hmm, then this is a critical problem.
> Sadly this would be a difficult thing for gnome-keyring to change
> throughout all the code. It currently verifies the uid equals the
> current uid in many places throughout the code.
If it's a matter of just fixing the code, then that seems easier then
finding a way to get wpasupplicant to be able to run as the current
user. I think we have to make it so that the PKCS#11 module allows a
user's keyring can be harnessed by supplicants running as a different
user, as long as the user grants the supplicant sufficient access.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 480 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20080724/82484212/attachment.pgp
More information about the HostAP