On Thu, Oct 03, 2019 at 09:59:19AM +0200, karsten_h@xxxxxxxxxxx wrote:
> Improvements:
> - Messages are written to stderr rather than to stdout

This has now been done through another patch.

> - ssid will be handled as hexstring if necessary

I'm not sure why this would be needed.

> - additional parameters added
> If last argv equals WPACONFIG AND setuid(0) is successful the new entry will be
> added to WPACONFIG
> Setting owner=root and permissions "u+s" (in unix / linux) permits any user to add
> a network to WPACONFIG
> WPACONFIG="/etc/wpa_supplicant/wpa_supplicant.conf"

This part is certainly not what wpa_passphrase was designed for. I don't
think it should be extended to provide means for adding PSK-only
networks into a hardcoded configuration file path. The only reason for
wpa_passphrase to be included in hostap.git is to provide means for
converting an SSID/passphrase pair into a PSK as an easy way of
generating a partial network block to reduce computational need for
loading the configuration.

That said, with WPA3-Personal and SAE, use of PSK-only configuration
block without the passphrase would be highly discouraged since that does
not work in WPA3-Personal transition mode.

I don't really see the point of --secure to omit "ASCII-form of ssid and
psk". That does not seem to have anything to do with security.

And as far as the patch itself is concerned, unified diff would be
highly preferred, but anyway, I'm not convinced that these changes
should be made. It might make more sense to remove wpa_passphrase
completely since it is not really compatible with WPA3-Personal and all
new deployments should really enable transition mode with both PSK
(WPA2-Personal) and SAE (WPA3-Personal) and that can be done only by
configuring the passphrase version.

-- 
Jouni Malinen                                            PGP id EFC895FA
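
The SSID/passphrase-to-PSK conversion discussed in the message above, as an added example that is not part of the e-mail or of hostap.git. It uses the standard WPA2-Personal derivation (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32 bytes) and contrasts a PSK-only network block with one that keeps the passphrase so SAE can use it; the function names and the choice of `key_mgmt`/`ieee80211w` values in the second block are assumptions made for illustration.

```python
import hashlib


def derive_psk(ssid: bytes, passphrase: str) -> str:
    """Return the 256-bit WPA2-Personal PSK as 64 hex digits."""
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1..32 octets")
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    # PBKDF2-HMAC-SHA1, salt = SSID, 4096 iterations, 32-byte output
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid, 4096, 32
    ).hex()


def ssid_field(ssid: bytes) -> str:
    """Quoted string for printable SSIDs, unquoted hex string otherwise."""
    if all(32 <= b <= 126 and b != 0x22 for b in ssid):
        return '"%s"' % ssid.decode("ascii")
    return ssid.hex()


def psk_only_block(ssid: bytes, passphrase: str) -> str:
    """Precomputed PSK only: usable for WPA2-Personal, carries nothing SAE can use."""
    return "network={\n\tssid=%s\n\tpsk=%s\n}" % (
        ssid_field(ssid), derive_psk(ssid, passphrase))


def transition_block(ssid: bytes, passphrase: str) -> str:
    """Passphrase form: the same secret serves both WPA-PSK and SAE."""
    derive_psk(ssid, passphrase)  # reuse the length/charset validation only
    return ("network={\n\tssid=%s\n\tpsk=\"%s\"\n"
            "\tkey_mgmt=WPA-PSK SAE\n\tieee80211w=1\n}") % (
        ssid_field(ssid), passphrase)


if __name__ == "__main__":
    # Constructed sample input: the IEEE 802.11 PSK test vector pair.
    print(psk_only_block(b"IEEE", "password"))
    print(transition_block(b"IEEE", "password"))
```

The PSK-only block saves the 4096 PBKDF2 iterations at configuration load time, but because the derivation is one-way the passphrase SAE needs cannot be recovered from it.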