From: Allan Jude
To: freebsd-current@freebsd.org
Date: Tue, 17 Oct 2017 12:51:23 -0400
Subject: Re: cve-2017-13077 - WPA2 security vulni

On 2017-10-17 08:58, David Wolfskill wrote:
> On Mon, Oct 16, 2017 at 11:27:00PM -0700, Cy Schubert wrote:
>> In message , Franco Fichtner writes:
>> ...
>>> wpa_supplicant 2.6_2
>>>
>>> No apparent issues with the ports, preliminary connectivity
>>> checks work as expected. Started a public CFT over at OPNsense
>>> to gather more feedback.
>>
>> Agreed.
>> ....
>
> First: Thank you for doing this, Cy.
>
> I am now (also) running wpa_supplicant-2.6_2 successfully on my laptop
> (when it's running stable/11).
>
> I did have one mild surprise: I had rebooted my laptop to verify that
> the ports version of wpa_supplicant would work, and as the screen went
> dark, I recalled that I had failed to copy /etc/wpa_supplicant.conf to
> /usr/local/etc -- but my concern proved to be unfounded: the
> wpa_supplicant.conf in /etc/ was used (successfully).
>
> Question: Should one expect a wpa_supplicant-2.6_2 executable built
> under FreeBSD stable/11 (amd64) to work on the same hardware, but
> running head?

Did you run the version from ports, or did you run the base /etc/rc.d
script with your rc.conf set to point to the ports binary? This will run
the command with -c /etc/wpa_supplicant.conf overriding the ports default.

So this is expected to work in this way.

>
> For reasons that are (at best) tangential to this topic, I track,
> build, and smoke-test both stable/11 and head daily, but only build
> the ports (daily) under (the just-built/booted) stable/11 -- depending
> on misc/compat11 to handle things as necessary for head. This works
> (well, IMO)... except that when I had configured my "head slice"
> to use the ports version of wpa_supplicant, the latter was apparently
> not happy:
>
> ...
> Oct 17 11:06:13 localhost kernel: wlan0: Ethernet address: 00:24:d6:7a:03:ce
> Oct 17 11:06:13 localhost wpa_supplicant[1279]: Successfully initialized wpa_supplicant
> Oct 17 11:06:14 localhost wpa_supplicant[1279]: ioctl[SIOCS80211, op=98, arg_len=32]: Invalid argument
> Oct 17 11:06:14 localhost wpa_supplicant[1279]: failed to IEEE80211_IOC_DEVCAPS: Invalid argument
> Oct 17 11:06:14 localhost wpa_supplicant[1279]: wlan0: Failed to initialize driver interface
> Oct 17 11:06:14 localhost root: /etc/rc.d/wpa_supplicant: WARNING: failed to start wpa_supplicant
> ....
>
> The laptop spends the vast bulk of its time running stable/11, so
> the threat is somewhat mitigated....
>
> Peace,
> david
>

-- 
Allan Jude
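
A check related to the reply above, added here as an example and not part of the thread: it classifies a wpa_supplicant command line (as printed by `ps -o args=`) by which build is running and which `-c` file it was given, so one can confirm the ports build is the one actually in use. The binary paths /usr/sbin/wpa_supplicant (base) and /usr/local/sbin/wpa_supplicant (ports) are assumptions, and the sample command lines are constructed.

```sh
#!/bin/sh
# Added example: which wpa_supplicant is running, and with which config?
# Assumed paths (not stated in the thread):
#   base  binary: /usr/sbin/wpa_supplicant
#   ports binary: /usr/local/sbin/wpa_supplicant

classify_supplicant() {
    # $1 = full command line of the process, e.g. from `ps -o args= -p PID`
    set -f                      # no globbing while word-splitting
    set -- $1
    set +f
    if [ $# -eq 0 ]; then
        echo "origin=unknown conf=(default)"
        return 0
    fi
    bin=$1; shift
    conf="(default)"            # no -c seen: the build's compiled-in default
    while [ $# -gt 0 ]; do
        case $1 in
            -c)  if [ $# -ge 2 ]; then conf=$2; fi ;;   # "-c /path"
            -c*) conf=${1#-c} ;;                        # "-c/path"
        esac
        shift
    done
    case $bin in
        /usr/local/sbin/wpa_supplicant) origin=ports ;;
        /usr/sbin/wpa_supplicant)       origin=base ;;
        *)                              origin=unknown ;;
    esac
    echo "origin=$origin conf=$conf"
}

# Constructed sample command lines (not captured from a real system).
SAMPLE_PORTS="/usr/local/sbin/wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant.conf -D bsd -P /var/run/wpa_supplicant/wlan0.pid"
SAMPLE_BASE="/usr/sbin/wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant.conf -D bsd -P /var/run/wpa_supplicant/wlan0.pid"

# The ports binary started with an explicit -c /etc/wpa_supplicant.conf is
# the combination the reply describes as expected.
for line in "$SAMPLE_PORTS" "$SAMPLE_BASE"; do
    classify_supplicant "$line"
done
```

On a live system, feed it the output of `ps -axo args= | grep '[w]pa_supplicant'` one line at a time.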