:: Re: [DNG] How to test the backend o…
トップ ページ
このメッセージを削除
このメッセージに返信
著者: aitor_czr
日付:  
To: dng
題目: Re: [DNG] How to test the backend of simple-netaid
Hi again,

El 07/09/18 a las 19:50, aitor_czr escribió:
>
> Hi,
>
> El 07/09/18 a las 19:37, aitor_czr escribió:
>> This is the simple script used for the wireless connection attempts:
>>
>> ifdown <device_name>
>> ip link set <device_name> up
>> pkill wpa_supplicant
>> wpa_passphrase <essid> <password> > <conf_file>
>> wpa_supplicant -B -c<conf_file> -i<device_name>
>> rm -f /run/network/ifstate.<device_name>
>> ip link set <device_name> up
>> sleep 1
>> ifup <device_name>
>>
>> Maybe, the lines nº 6 and nº7 are superfluous. The line nº8 (that is,
>> "sleep 1") is important, believe it.
>> As sysadmins, what do you think about the use of "pkill wpa_supplicant"?
>>
>>   Aitor.
>
> This script needs granted permissions; so, it's included in a suid
> binary. Once i talked about a security key for this binary.
> The security key would be generated during the compilation of the
> application in a way that only those binaries built *together* with
> the suid binary will know it.
> First of all, i have to deal with the add_custom_command() function of
> CMake, in order to control the preference of the targets.
> The first step should be to generate this key, before all the executables.
>
> Cheers,
>
>  Aitor.


The idea is very simple. The GUI and the suid binary will contain a
non-existent header:

#include "key.h"

The key.h file will contain an unique line (the random definition of the
KEY varible) edited by CMake during the compilation. For example:

var1="#define KEY "
var2=`tr -cd '[:alnum:]' < /dev/urandom | fold -w32 | head -n1`
echo "${var1}\"${var2}\"" > key.h

would generate something like this:

#define KEY "X1AULvFge6Tgq1p9BZat4EEVqAwaCnsB"

and then, the suid binary only will be able to be run from the GUI,
built together with it.

Cheers,

  Aitor.