[arch-general] How secure is wifi-menu
Doug Newgard
scimmia at archlinux.info
Thu Apr 2 04:34:14 UTC 2015
On Wed, 01 Apr 2015 20:43:46 +0200
h8h at dev-nu11.de wrote:
> hi
>
> I recently switched to a new laptop and therefore I copied all my
> wifi-configuration files (/etc/netctl) to the new one. Too bad that the
> wifi interface has changed (thanks to sysctl) and I wrote a small bash
> script, which should change the `interface` variable. By the way the
> script doesn't work very well, but I place it in the same folder with
> all the wifi-configuration files (/etc/netctl/) and I noticed that the
> tool `wifi-menu` is executing my script. I don't think this is a big
> vulnerability nor a bug, but if an attacker has the opportunity to place
> a bash file there, the system could be damaged by simple executing
> `wifi-menu`. Yes I know that the folder is not world / user writeable,
> but maybe some thoughts from the archlinux community?
>
> The reason for executing is sourceing all the files in /etc/netctl,
> maybe this could be improved by using eval and grep, see [1]
>
> Cheers
> Christian Homeyer
> H8H
>
> [1] https://bbs.archlinux.org/viewtopic.php?id=85726
Same thing could be said for /etc/profile.d/, /etc/X11/xinit/xinitrc.d, and
various other places. Permissions are there for a reason.
Doug
More information about the arch-general
mailing list