Date:      Sat, 13 Oct 2012 13:38:58 GMT
From:      Boris Lytochkin <lytboris@gmail.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/172661: hostapd securing wireless adapter in HostAP mode is started too late
Message-ID:  <201210131338.q9DDcwjL089691@red.freebsd.org>
Resent-Message-ID: <201210131340.q9DDe0CN048320@freefall.freebsd.org>


>Number:         172661
>Category:       misc
>Synopsis:       hostapd securing wireless adapter in HostAP mode is started too late
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 13 13:40:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Boris Lytochkin
>Release:        10.0-CURRENT
>Organization:
Yandex, LLC
>Environment:
FreeBSD gate.home 10.0-CURRENT FreeBSD 10.0-CURRENT #8: Sat Sep 29 06:31:21 MSK 2012     root@gate.home:/usr/obj/usr/src/sys/GATEv2  i386

>Description:
The hostapd rc-script is scheduled to run in a trail of rc-scripts, thus it should run as close to netif as possible: if one is using a wireless adapter in hostap mode, netif configures it into this mode BUT with no security applied. In the interval between the netif and hostapd launches, this wireless network runs unsecured.
>How-To-Repeat:
Configure wlan0 into hostap mode, configure hostapd.
Reboot the machine and observe your wireless network running without any security for 30-40 seconds or even a couple of minutes.
>Fix:
1) hostapd should be inserted into NETWORKING REQUIRE record.
2) netif should be inserted into hostapd REQUIRE record.

This will significantly reduce the period during which the wireless network runs unsecured, though it will not eliminate it totally.

Another approach is to introduce a hostapd_ifaces variable and control the wireless interface UP/DOWN state from the rc-script. Ideally both approaches should be implemented.

>Release-Note:
>Audit-Trail:
>Unformatted:
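
The ordering change proposed under >Fix:, as an added example that is not part of the original report or of FreeBSD's rc.d code: it checks whether REQUIRE headers force hostapd to start after netif and before anything that waits for NETWORKING. The header contents, the sshd dependent and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. The PROVIDE/REQUIRE headers written below are constructed and
# simplified; they are not copies of FreeBSD's rc.d scripts.

# write_headers DIR MODE: one file per service; MODE is "unpatched" or "patched".
write_headers() {
    mkdir -p "$1"
    printf '# PROVIDE: netif\n# REQUIRE:\n' > "$1/netif"
    printf '# PROVIDE: sshd\n# REQUIRE: NETWORKING\n' > "$1/sshd"
    if [ "$2" = patched ]; then   # both changes from the >Fix: section
        printf '# PROVIDE: hostapd\n# REQUIRE: mountcritremote netif\n' > "$1/hostapd"
        printf '# PROVIDE: NETWORKING\n# REQUIRE: netif hostapd\n' > "$1/NETWORKING"
    else
        printf '# PROVIDE: hostapd\n# REQUIRE: mountcritremote\n' > "$1/hostapd"
        printf '# PROVIDE: NETWORKING\n# REQUIRE: netif\n' > "$1/NETWORKING"
    fi
}

# requires_of DIR NAME: print the names on NAME's "# REQUIRE:" line, if any.
requires_of() {
    if [ -f "$1/$2" ]; then sed -n 's/^# REQUIRE:[[:space:]]*//p' "$1/$2"; fi
}

# runs_before DIR A B: succeed if B transitively REQUIREs A, so an
# rcorder-style sort is forced to start A before B.
runs_before() {
    rb_todo=$3 rb_seen=" "
    while [ -n "$rb_todo" ]; do
        rb_cur=${rb_todo%% *}                      # pop the first queued name
        case $rb_todo in *" "*) rb_todo=${rb_todo#* } ;; *) rb_todo= ;; esac
        case $rb_seen in *" $rb_cur "*) continue ;; esac
        rb_seen="$rb_seen$rb_cur "
        for rb_dep in $(requires_of "$1" "$rb_cur"); do
            [ "$rb_dep" = "$2" ] && return 0
            rb_todo="${rb_todo:+$rb_todo }$rb_dep"
        done
    done
    return 1
}

# hostapd_pinned DIR: hostapd must start after netif and before NETWORKING.
hostapd_pinned() {
    runs_before "$1" netif hostapd && runs_before "$1" hostapd NETWORKING
}

tmp=$(mktemp -d)
for mode in unpatched patched; do
    write_headers "$tmp/$mode" "$mode"
    if hostapd_pinned "$tmp/$mode"; then r=pinned; else r="not pinned"; fi
    echo "$mode: hostapd $r between netif and NETWORKING"
done
rm -rf "$tmp"
```

A passing check only shows that the ordering constraint exists; as the report says, the interval between netif and hostapd is shortened, not removed.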


