Re: How secure is wifi-menu

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



I think the same could be said for most things on the box.  If someone
can write to that folder, they can probably just run the file and do
not need you to run wifi menu to trigger the file.

On Wed, Apr 1, 2015 at 11:43 AM,  <h8h@xxxxxxxxxxx> wrote:
> hi
>
> I recently switched to a new laptop and therefore I copied all my
> wifi-configuration files (/etc/netctl) to the new one. Too bad that the wifi
> interface has changed (thanks to sysctl) and I wrote a small bash script,
> which should change the `interface` variable. By the way the script doesn't
> work very well, but I place it in the same folder with all the
> wifi-configuration files (/etc/netctl/) and I noticed that the tool
> `wifi-menu` is executing my script. I don't think this is a big
> vulnerability nor a bug, but if an attacker has the opportunity to place a
> bash file there, the system could be damaged by simple executing
> `wifi-menu`. Yes I know that the folder is not world / user writeable, but
> maybe some thoughts from the archlinux community?
>
> The reason for executing is sourceing all the files in /etc/netctl, maybe
> this could be improved by using eval and grep, see [1]
>
> Cheers
> Christian Homeyer
> H8H
>
> [1] https://bbs.archlinux.org/viewtopic.php?id=85726



-- 

Pete Baldridge
206.992.2852


[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux