[arch-general] How secure is wifi-menu
Peter Baldridge
petebaldridge at gmail.com
Wed Apr 1 18:47:25 UTC 2015
I think the same could be said for most things on the box. If someone
can write to that folder, they can probably just run the file and do
not need you to run wifi menu to trigger the file.
On Wed, Apr 1, 2015 at 11:43 AM, <h8h at dev-nu11.de> wrote:
> hi
>
> I recently switched to a new laptop and therefore I copied all my
> wifi-configuration files (/etc/netctl) to the new one. Too bad that the wifi
> interface has changed (thanks to sysctl) and I wrote a small bash script,
> which should change the `interface` variable. By the way the script doesn't
> work very well, but I place it in the same folder with all the
> wifi-configuration files (/etc/netctl/) and I noticed that the tool
> `wifi-menu` is executing my script. I don't think this is a big
> vulnerability nor a bug, but if an attacker has the opportunity to place a
> bash file there, the system could be damaged by simple executing
> `wifi-menu`. Yes I know that the folder is not world / user writeable, but
> maybe some thoughts from the archlinux community?
>
> The reason for executing is sourceing all the files in /etc/netctl, maybe
> this could be improved by using eval and grep, see [1]
>
> Cheers
> Christian Homeyer
> H8H
>
> [1] https://bbs.archlinux.org/viewtopic.php?id=85726
--
Pete Baldridge
206.992.2852
More information about the arch-general
mailing list