From owner-freebsd-bugs@FreeBSD.ORG Sat Oct 13 13:40:01 2012
Message-Id: <201210131338.q9DDcwjL089691@red.freebsd.org>
Date: Sat, 13 Oct 2012 13:38:58 GMT
From: Boris Lytochkin
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/172661: hostapd securing wireless adapter in HostAP mode is started too late

>Number: 172661
>Category: misc
>Synopsis: hostapd securing wireless adapter in HostAP mode is started too late
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat Oct 13 13:40:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Boris Lytochkin
>Release: 10.0-CURRENT
>Organization: Yandex, LLC
>Environment:
FreeBSD gate.home 10.0-CURRENT FreeBSD 10.0-CURRENT #8: Sat Sep 29 06:31:21 MSK 2012 root@gate.home:/usr/obj/usr/src/sys/GATEv2 i386
>Description:
The hostapd rc-script is scheduled to run at the tail of the rc-scripts, thus it should run as close to netif as possible: if one is using a wireless adapter in hostap mode, netif configures it into this mode BUT with no security applied. In the interval between the netif and hostapd launches, this wireless network runs unsecured.
>How-To-Repeat:
Configure wlan0 into hostap mode, configure hostapd. Reboot the machine and observe your wireless network running without any security for 30-40 seconds or even a couple of minutes.
>Fix:
1) hostapd should be inserted into the NETWORKING REQUIRE record.
2) netif should be inserted into the hostapd REQUIRE record.

This will significantly reduce the period during which the wireless network runs unsecured, though it will not eliminate it totally. Another approach is to introduce a hostapd_ifaces variable and control the wireless interface UP/DOWN state from the rc-script. Ideally both approaches should be implemented.
>Release-Note:
>Audit-Trail:
>Unformatted:
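
The two REQUIRE changes listed under >Fix can be checked mechanically. The script below is an added example, not part of the PR or of FreeBSD's rc.d; the function names and the sample REQUIRE lists are constructed, and it assumes each script's file name matches the name it PROVIDEs.

```sh
#!/bin/sh
# Added example: audit an rc.d directory for the two REQUIRE changes the PR
# proposes. Assumes each script's file name equals the name it PROVIDEs.

# Print every name listed on the "# REQUIRE:" lines of one rc.d script.
rc_requires() {
    sed -n 's/^#[[:space:]]*REQUIRE:[[:space:]]*//p' "$1" | tr -s ' \t' '\n\n'
}

# Succeed if script $2 in directory $1 names $3 on a REQUIRE line.
requires() {
    rc_requires "$1/$2" | grep -qxF -- "$3"
}

# Return 0 only when both ordering constraints from the PR hold in $1.
check_hostapd_order() {
    rc=0
    requires "$1" hostapd netif ||
        { echo "hostapd: REQUIRE lacks netif"; rc=1; }
    requires "$1" NETWORKING hostapd ||
        { echo "NETWORKING: REQUIRE lacks hostapd"; rc=1; }
    return "$rc"
}

# Build a constructed rc.d tree in $1 (not copied from the FreeBSD tree);
# $2 = hostapd's REQUIRE list, $3 = NETWORKING's REQUIRE list.
make_sample() {
    mkdir -p "$1"
    printf '#!/bin/sh\n# PROVIDE: netif\n' > "$1/netif"
    printf '#!/bin/sh\n# PROVIDE: hostapd\n# REQUIRE: %s\n' "$2" > "$1/hostapd"
    printf '#!/bin/sh\n# PROVIDE: NETWORKING\n# REQUIRE: %s\n' "$3" > "$1/NETWORKING"
}

# Demo on constructed "before" and "after" trees.
demo=$(mktemp -d)
make_sample "$demo/before" "mountcritremote" "netif routing"
make_sample "$demo/after" "netif" "netif routing hostapd"
check_hostapd_order "$demo/before" || echo "before: hostapd still ordered late"
check_hostapd_order "$demo/after" && echo "after: both constraints present"
rm -rf "$demo"
```

On a host, `check_hostapd_order /etc/rc.d` runs the same check against the installed scripts. Passing it only shows the ordering constraints are declared; as the PR notes, a shorter unsecured window still remains between netif and hostapd.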