geki Advocate
Joined: 13 May 2004 Posts: 2387 Location: Germania
|
Posted: Sat Dec 09, 2017 6:32 pm Post subject: wpa_supplicant: useflag privsep configuration help needed |
|
|
Hi all!
I would like to enable useflag privsep on wpa_supplicant.
The ebuild does nothing but install the wpa_priv binary.
The configuration example[0] is a bit thin.
It looks like the init script would need an update:
- Use wpa_priv instead of wpa_supplicant
- add group and paths (i.e.: /var/run/...)
- ...?
Does anyone actually use privilege separation for wpa_supplicant?
What would need to be done?
Well, I just do not want to disconnect my laptop from network for fun.
The cabled network link is unusable - disconnects every other second.
[0] https://linux.die.net/man/8/wpa_priv
_________________
hear hear |
charles17 Advocate
Joined: 02 Mar 2008 Posts: 3685
|
Posted: Sun Dec 10, 2017 6:00 pm Post subject: Re: wpa_supplicant: useflag privsep configuration help neede |
|
|
geki wrote: | Hi all!
I would like to enable useflag privsep on wpa_supplicant. |
???
Code: | equery u wpa_supplicant
[ Legend : U - final flag setting for installation]
[ : I - package is installed with flag ]
[ Colors : set, unset ]
* Found these USE flags for net-wireless/wpa_supplicant-2.6-r3:
U I
- - ap : Add support for access point mode
- - dbus : Enable dbus support for anything that needs it (gpsd, gnomemeeting, etc)
- - eap-sim : Add support for EAP-SIM authentication algorithm
- - fasteap : Add support for FAST-EAP authentication algorithm
- - gnutls : Add support for net-libs/gnutls (TLS 1.0 and SSL 3.0 support)
+ + hs2-0 : Add support for 802.11u and Passpoint for HotSpot 2.0
- - libressl : Use dev-libs/libressl as SSL provider (might need ssl USE flag), packages should not depend on this USE flag
- - p2p : Add support for Wi-Fi Direct mode
+ + qt5 : Add support for the Qt 5 application and UI framework
+ + readline : Enable support for libreadline, a GNU line-editing library that almost everyone wants
- - smartcard : Add support for smartcards
+ + ssl : Add support for Secure Socket Layer connections
- - tdls : Add support for Tunneled Direct Link Setup (802.11z)
- - uncommon-eap-types : Add support for GPSK, SAKE, GPSK_SHA256, IKEV2 and EKE
+ + wps : Add support for Wi-Fi Protected Setup
|
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
|
Posted: Sun Dec 10, 2017 6:34 pm Post subject: |
|
|
charles17 ... in such cases you need to provide the =*-<version>-<revision>:
equery -NC u =net-wireless/wpa_supplicant-2.6-r4 | grep privsep: | - - privsep : <unknown> |
@geki ... it would require significant changes to the current initd script, essentially you would have to split it into two parts, one starting wpa_priv, and a second starting the wpa_supplicant process with a chosen UID/GID. I've thought about doing this but I've neither had time, nor inclination, to look any further as on my initial look-see I couldn't see an easy way to keep the current single init as is while incorporating those changes (prompting me to think that these wouldn't get merged into ::gentoo).
best ... khay |
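The two-part start described in the post above, sketched as an added example that is not part of the thread or of the Gentoo init script. It follows the directory and startup steps from the wpa_priv man page linked in the first post, and assumes a wpa_supplicant binary built with CONFIG_PRIVSEP=y, GNU stat, OpenRC's start-stop-daemon, and hypothetical names: group wpapriv, user wpasup, interface wlan0, driver wext.

```shell
#!/bin/sh
# Added example, not from the thread or the Gentoo init script.
# Assumed names: group wpapriv, user wpasup, interface wlan0, driver wext.
PRIV_DIR=/var/run/wpa_priv   # directory holding wpa_priv's UNIX sockets
PRIV_GROUP=wpapriv           # members of this group may talk to wpa_priv
SUPP_USER=wpasup             # unprivileged account for wpa_supplicant
IFACE=wlan0
DRIVER=wext
CONF=/etc/wpa_supplicant/wpa_supplicant.conf  # must be readable by SUPP_USER

# True only if $1 is a directory owned by uid $2 and gid $3 with mode 750,
# so nobody outside the group can reach the privileged sockets.
sockdir_ok() {
    [ -d "$1" ] && [ "$(stat -c '%u:%g:%a' "$1")" = "$2:$3:750" ]
}

# Part 1, run as root: prepare the socket directory, then start wpa_priv.
start_priv() {
    gid=$(getent group "$PRIV_GROUP" | cut -d: -f3)
    [ -n "$gid" ] || { echo "group $PRIV_GROUP missing" >&2; return 1; }
    mkdir -p "$PRIV_DIR" || return 1
    chown "root:$PRIV_GROUP" "$PRIV_DIR" && chmod 0750 "$PRIV_DIR" || return 1
    sockdir_ok "$PRIV_DIR" 0 "$gid" || { echo "bad perms on $PRIV_DIR" >&2; return 1; }
    wpa_priv -B -c "$PRIV_DIR" -P /var/run/wpa_priv.pid "$DRIVER:$IFACE"
}

# Part 2: start wpa_supplicant under the chosen UID/GID instead of root.
start_supplicant() {
    start-stop-daemon --start --user "$SUPP_USER" --group "$PRIV_GROUP" \
        --exec /usr/sbin/wpa_supplicant -- -B -i "$IFACE" -c "$CONF"
}

# Dispatch: "priv" for part 1, "supplicant" for part 2; no argument does nothing.
case "${1:-}" in
    priv)       start_priv ;;
    supplicant) start_supplicant ;;
esac
```

The permission check runs before wpa_priv is started, so a socket directory that is world-accessible or owned by the wrong group stops part 1 instead of exposing the root helper to every local user.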
geki Advocate
Joined: 13 May 2004 Posts: 2387 Location: Germania
|
Posted: Sun Dec 10, 2017 7:59 pm Post subject: |
|
|
Code: | - - privsep : Enable wpa_priv privledge separation binary |
@khayyam yes, looks that way and I neither got time.
So we have to wait for gentoo devs to finish privilege separation integration.
p.s.: hmm, there is a double-typo in description. |