setEnvironmentVariable DBus method for wpasupplicant

David Smith dds at google.com
Thu Jul 24 01:15:37 EDT 2008


Stef <stef at memberwebs.com> writes:

> David Smith wrote:
>> Stef <stef at memberwebs.com> writes:
>> 
>>> David Smith wrote:
>>>> For implementing PKCS#11 support in the network manager gnome applet
>>>> using gnome keyring as the backing store, it's necessary to tell
>>>> wpasupplicant the environment variable of GNOME_KEYRING_SOCKET before
>>>> loading the gnome keyring PKCS#11 library. This socket will be protected
>>>> to the local user, but since wpasupplicant must run as root, it should
>>>> be able to access it and indeed it must.
>>> Not sure how we plan to address this. gnome-keyring doesn't currently
>>> support access by root to its sockets.
>> 
>> Hmm, then this is a critical problem.
>
> Sadly this would be a difficult thing for gnome-keyring to change
> throughout all the code. It currently verifies the uid equals the
> current uid in many places throughout the code.

If it's a matter of just fixing the code, then that seems easier than
finding a way to get wpasupplicant to be able to run as the current
user. I think we have to make it so that the PKCS#11 module allows a
user's keyring to be harnessed by supplicants running as a different
user, as long as the user grants the supplicant sufficient access.

- dds
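
The access model discussed in this thread, as an added example that is not part of the original message and is not gnome-keyring or wpa_supplicant code: a daemon on a Linux Unix socket reads the connecting peer's uid from the kernel with SO_PEERCRED and accepts either the keyring owner or a uid the owner has explicitly granted. The use of SO_PEERCRED, the function names and the grant set are assumptions made for illustration.

```python
import os
import socket
import struct


def peer_credentials(conn):
    """Return (pid, uid, gid) of the peer on a connected Unix socket (Linux only)."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize("3i"))
    return struct.unpack("3i", raw)


def strict_policy(peer_uid, owner_uid):
    """Behaviour described in the thread: only the owner's own uid is accepted."""
    return peer_uid == owner_uid


def delegated_policy(peer_uid, owner_uid, granted_uids):
    """Proposed behaviour: the owner, plus uids the owner explicitly granted.

    There is no implicit exception for uid 0: a supplicant running as root
    is accepted only when root appears in the owner's grant set.
    """
    return peer_uid == owner_uid or peer_uid in granted_uids


def authorize(conn, owner_uid, granted_uids=frozenset()):
    """Apply the delegated policy to the kernel-reported uid of the peer."""
    _pid, peer_uid, _gid = peer_credentials(conn)
    return delegated_policy(peer_uid, owner_uid, granted_uids)


def demo():
    # Constructed scenario: both ends of the socketpair belong to this process,
    # so the peer uid is our own uid. A hypothetical keyring owner with a
    # different uid stands in for "supplicant runs as another user".
    daemon_end, client_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        me = os.getuid()
        other_owner = me + 1  # hypothetical owner uid, differs from the peer
        return {
            "same_uid": authorize(daemon_end, me),
            "different_uid_no_grant": authorize(daemon_end, other_owner),
            "different_uid_granted": authorize(daemon_end, other_owner, {me}),
        }
    finally:
        daemon_end.close()
        client_end.close()


if __name__ == "__main__":
    print(demo())
```

The grant set is the security-relevant part: it has to be stored where only the keyring owner can modify it, otherwise the check reduces to trusting whoever can edit the list.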