Date: Tue, 17 Oct 2017 06:19:05 -0700 From: Cy Schubert <Cy.Schubert@komquats.com> To: David Wolfskill <david@catwhisker.org>, Cy Schubert <Cy.Schubert@komquats.com>, current@freebsd.org Subject: Re: cve-2017-13077 - WPA2 security vulni Message-ID: <201710171319.v9HDJ5QI004672@slippy.cwsent.com> In-Reply-To: Message from David Wolfskill <david@catwhisker.org> of "Tue, 17 Oct 2017 05:58:29 -0700." <20171017125829.GA35718@albert.catwhisker.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20171017125829.GA35718@albert.catwhisker.org>, David Wolfskill writ es: > > > --azLHFNyN32YCQGCU > Content-Type: text/plain; charset=us-ascii > Content-Disposition: inline > Content-Transfer-Encoding: quoted-printable > > On Mon, Oct 16, 2017 at 11:27:00PM -0700, Cy Schubert wrote: > > In message <FE754A9E-BE47-4843-AB3A-2619665F1657@lastsummer.de>, Franco= > =20 > > Fichtne > > r writes: > > ... > > > wpa_supplicant 2.6_2 > > >=20 > > > No apparent issues with the ports, preliminary connectivity > > > checks work as expected. Started a public CFT over at OPNsense > > > to gather more feedback. > >=20 > > Agreed. > > .... > > First: Thank you for doing this, Cy. No problem. I was aiming to put something together in base but an hour at noon wasn't enough so I switched gears and went after the port instead. It was a quick win. > > I am now (also) running wpa_supplicant-2.6_2 successfully on my laptop > (when it's running stable/11). > > I did have one mild surprise: I had rebooted my laptop to verify that > the ports version of wpa_supplicant would work, and as the screen went > dark, I recalled that I had failed to copy /etc/wpa_supplicant.conf to > /usr/local/etc -- but my concern proved to be unfounded: the > wpa_supplicant.conf in /etc/ was used (successfully). > > Question: Should one expect a wpa_supplicant-2.6_2 executable built > under FreeBSD stable/11 (amd64) to work on the same hardware, but > running head? Possibly. I run head here. The things that could impact you are shared libraries (ABI) and KBI. > > For reasons that are (at best) tangential to this topic, I track, > build, and smoke-test both stable/11 and head daily, but only build > the ports (daily) under (the just-built/booted) stable/11 -- depending > on misc/compat11 to handle things as necessary for head. This works > (well, IMO)... except that when I had configured my "head slice" > to use the ports version of wpa_supplicant, the latter was apparently > not happy: > > =2E.. > Oct 17 11:06:13 localhost kernel: wlan0: Ethernet address: 00:24:d6:7a:03:ce > Oct 17 11:06:13 localhost wpa_supplicant[1279]: Successfully initialized wp= > a_supplicant > Oct 17 11:06:14 localhost wpa_supplicant[1279]: ioctl[SIOCS80211, op=3D98, = > arg_len=3D32]: Invalid argument > Oct 17 11:06:14 localhost wpa_supplicant[1279]: failed to IEEE80211_IOC_DEV= > CAPS: Invalid argument > Oct 17 11:06:14 localhost wpa_supplicant[1279]: wlan0: Failed to initialize= > driver interface > Oct 17 11:06:14 localhost root: /etc/rc.d/wpa_supplicant: WARNING: failed t= > o start wpa_supplicant You have your answer. It's likely a KBI issue. > =2E... > > The laptop spends the vast bulk of its time running stable/11, so > the threat is somewhat mitigated.... It appears you may need to in some cases rebuild some ports on head. -- Cheers, Cy Schubert <Cy.Schubert@cschubert.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201710171319.v9HDJ5QI004672>