[arch-general] How secure is wifi-menu

h8h at dev-nu11.de h8h at dev-nu11.de
Wed Apr 1 18:43:46 UTC 2015


I recently switched to a new laptop and therefore I copied all my 
wifi-configuration files (/etc/netctl) to the new one. Too bad that the 
wifi interface has changed (thanks to sysctl) and I wrote a small bash 
script, which should change the `interface` variable. By the way the 
script doesn't work very well, but I place it in the same folder with 
all the wifi-configuration files (/etc/netctl/) and I noticed that the 
tool `wifi-menu` is executing my script. I don't think this is a big 
vulnerability nor a bug, but if an attacker has the opportunity to place 
a bash file there, the system could be damaged by simple executing 
`wifi-menu`. Yes I know that the folder is not world / user writeable, 
but maybe some thoughts from the archlinux community?

The reason for executing is sourceing all the files in /etc/netctl, 
maybe this could be improved by using eval and grep, see [1]

Christian Homeyer

[1] https://bbs.archlinux.org/viewtopic.php?id=85726

More information about the arch-general mailing list