[PATCH 1/3] Added wpa_config_get_all function

Jouni Malinen j at w1.fi
Mon Nov 9 13:52:17 EST 2009


On Wed, Oct 21, 2009 at 10:56:45AM -0700, Dan Williams wrote:
> On Sun, 2009-10-18 at 03:55 +0200, Witold Sowa wrote:
> > New function returns all parameters of network configuration block.
> 
> Cool; we'd use this in NM to retrieve the new security settings after
> the supplicant updates the network block with the options received from
> a WPS run.

In general, I do not really like the idea of exposing all the
configuration data (mainly, passwords, PSK, etc. private information)
from wpa_supplicant. How does the dbus interface authenticate the caller
and prevent unauthorized users from using this interface to extract
private keys?

As far as WPS is concerned, the enrolled credential could be provided to
the external program when something else is in control of the
configuration. This would at least limit the access to information
available via WPS and would not expose other configuration items that
the user could have entered directly into wpa_supplicant configuration.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list