Date: Tue, 17 Oct 2017 12:51:23 -0400 From: Allan Jude <allanjude@freebsd.org> To: freebsd-current@freebsd.org Subject: Re: cve-2017-13077 - WPA2 security vulni Message-ID: <d2ccbc07-5209-16f6-860a-1e5371537392@freebsd.org> In-Reply-To: <20171017125829.GA35718@albert.catwhisker.org> References: <franco@lastsummer.de> <FE754A9E-BE47-4843-AB3A-2619665F1657@lastsummer.de> <201710170627.v9H6R0XC078179@slippy.cwsent.com> <20171017125829.GA35718@albert.catwhisker.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --eK19BdBQ59M6ON7iOddLqHwhgGosurMKI Content-Type: multipart/mixed; boundary="EtxxLtbolBMdxM0XkeGK7Rr3ip4p3nm34"; protected-headers="v1" From: Allan Jude <allanjude@freebsd.org> To: freebsd-current@freebsd.org Message-ID: <d2ccbc07-5209-16f6-860a-1e5371537392@freebsd.org> Subject: Re: cve-2017-13077 - WPA2 security vulni References: <franco@lastsummer.de> <FE754A9E-BE47-4843-AB3A-2619665F1657@lastsummer.de> <201710170627.v9H6R0XC078179@slippy.cwsent.com> <20171017125829.GA35718@albert.catwhisker.org> In-Reply-To: <20171017125829.GA35718@albert.catwhisker.org> --EtxxLtbolBMdxM0XkeGK7Rr3ip4p3nm34 Content-Type: text/plain; charset=windows-1252 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 2017-10-17 08:58, David Wolfskill wrote: > On Mon, Oct 16, 2017 at 11:27:00PM -0700, Cy Schubert wrote: >> In message <FE754A9E-BE47-4843-AB3A-2619665F1657@lastsummer.de>, Franc= o=20 >> Fichtne >> r writes: >> ... >>> wpa_supplicant 2.6_2 >>> >>> No apparent issues with the ports, preliminary connectivity >>> checks work as expected. Started a public CFT over at OPNsense >>> to gather more feedback. >> >> Agreed. >> .... >=20 > First: Thank you for doing this, Cy. >=20 > I am now (also) running wpa_supplicant-2.6_2 successfully on my laptop > (when it's running stable/11). >=20 > I did have one mild surprise: I had rebooted my laptop to verify that > the ports version of wpa_supplicant would work, and as the screen went > dark, I recalled that I had failed to copy /etc/wpa_supplicant.conf to > /usr/local/etc -- but my concern proved to be unfounded: the > wpa_supplicant.conf in /etc/ was used (successfully). >=20 > Question: Should one expect a wpa_supplicant-2.6_2 executable built > under FreeBSD stable/11 (amd64) to work on the same hardware, but > running head? Did you run the version from ports, or did you run the base /etc/rc.d script with your rc.conf set to point to the ports binary? This will run the command with -c /etc/wpa_supplicant.conf overriding the ports default= =2E So this is expected to work in this way. >=20 > For reasons that are (at best) tangential to this topic, I track, > build, and smoke-test both stable/11 and head daily, but only build > the ports (daily) under (the just-built/booted) stable/11 -- depending > on misc/compat11 to handle things as necessary for head. This works > (well, IMO)... except that when I had configured my "head slice" > to use the ports version of wpa_supplicant, the latter was apparently > not happy: >=20 > ... > Oct 17 11:06:13 localhost kernel: wlan0: Ethernet address: 00:24:d6:7a:= 03:ce > Oct 17 11:06:13 localhost wpa_supplicant[1279]: Successfully initialize= d wpa_supplicant > Oct 17 11:06:14 localhost wpa_supplicant[1279]: ioctl[SIOCS80211, op=3D= 98, arg_len=3D32]: Invalid argument > Oct 17 11:06:14 localhost wpa_supplicant[1279]: failed to IEEE80211_IOC= _DEVCAPS: Invalid argument > Oct 17 11:06:14 localhost wpa_supplicant[1279]: wlan0: Failed to initia= lize driver interface > Oct 17 11:06:14 localhost root: /etc/rc.d/wpa_supplicant: WARNING: fail= ed to start wpa_supplicant > .... >=20 > The laptop spends the vast bulk of its time running stable/11, so > the threat is somewhat mitigated.... >=20 > Peace, > david >=20 --=20 Allan Jude --EtxxLtbolBMdxM0XkeGK7Rr3ip4p3nm34-- --eK19BdBQ59M6ON7iOddLqHwhgGosurMKI Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJZ5jUOAAoJEBmVNT4SmAt+q1gP/1utXEHU724BU4WhOvNVIxku 49hvI6tnlAlyAy+xh6Ik+bKkUK49MLCswu3yPrxnJHw3f/MWLzjyBJLoCZYI/c11 SFcK5aMT5+sYgVXTtuBvmV/uROdt4yUoFmOQCScg7FWKgrhO4uqs3t7ObmY3/jcq 4aivB1mDD+Yq0TZHsxuH+BtIW+pfOw6aF3iHEgM0EEviAeSqShkJAwqRB59bL3E0 GU7fs8KfXALrb5hILBcD3Z0VSuPaL+cMfhficB4qHwcEXfkhV0ZWGhvkjF6b3pfS bYtnx2uJLqjv/r+DH+7dvdRUi5RcnOe8oJW/RgNIh9DdWQabyYvrRM+YltudXpUv IuAfJp4xn0mGGCqR/8CKocRCuIj0fqFanKSsVL8VW3U3Vq3GRVYBgqHNqbeSDfLw ZVOemMFkfeImpMS063imAiJUIgvId9GT6q5GugnRGQKGHpZMAgk4l2G+MlSGUGps ggCykny5cSwUkcacWVRDJRsa3I+r7tDlD1Cm30102g5toXcgQShBvtPYQ21bTHHK ProfI0q5xd/2YptJNP0XAfUHSa9by0LJ30Nsvh4sFxQ/x6BOUWMRN6xFVdGNnbpp g2X9EQbLFqhCkh38JS3Hudk/iA3a+YOn+eUn2nJKEcKcl6dIS1xtqtSeqp4zD0Xk nQ8joWljq2SNqAqvUIlF =4xMP -----END PGP SIGNATURE----- --eK19BdBQ59M6ON7iOddLqHwhgGosurMKI--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d2ccbc07-5209-16f6-860a-1e5371537392>