hi
I recently switched to a new laptop and therefore I copied all my
wifi-configuration files (/etc/netctl) to the new one. Too bad that the
wifi interface has changed (thanks to sysctl) and I wrote a small bash
script, which should change the `interface` variable. By the way the
script doesn't work very well, but I place it in the same folder with
all the wifi-configuration files (/etc/netctl/) and I noticed that the
tool `wifi-menu` is executing my script. I don't think this is a big
vulnerability nor a bug, but if an attacker has the opportunity to place
a bash file there, the system could be damaged by simple executing
`wifi-menu`. Yes I know that the folder is not world / user writeable,
but maybe some thoughts from the archlinux community?
The reason for executing is sourceing all the files in /etc/netctl,
maybe this could be improved by using eval and grep, see [1]
Cheers
Christian Homeyer
H8H
[1] https://bbs.archlinux.org/viewtopic.php?id=85726