Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 17 Oct 2017 10:47:41 -0700
From:      Kevin Oberman <rkoberman@gmail.com>
To:        "current@freebsd.org" <current@freebsd.org>, Allan Jude <allanjude@freebsd.org>,  FreeBSD Current <freebsd-current@freebsd.org>
Subject:   Re: cve-2017-13077 - WPA2 security vulni
Message-ID:  <CAN6yY1vhUr2nN7tj4pd_q3J62tcXnkh5%2BFXpE3pLDESsLMDFDg@mail.gmail.com>
In-Reply-To: <20171017165708.GE1214@albert.catwhisker.org>
References:  <franco@lastsummer.de> <FE754A9E-BE47-4843-AB3A-2619665F1657@lastsummer.de> <201710170627.v9H6R0XC078179@slippy.cwsent.com> <20171017125829.GA35718@albert.catwhisker.org> <d2ccbc07-5209-16f6-860a-1e5371537392@freebsd.org> <20171017165708.GE1214@albert.catwhisker.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Oct 17, 2017 at 9:57 AM, David Wolfskill <david@catwhisker.org>
wrote:

> On Tue, Oct 17, 2017 at 12:51:23PM -0400, Allan Jude wrote:
> > ....
> > > Question:  Should one expect a wpa_supplicant-2.6_2 executable built
> > > under FreeBSD stable/11 (amd64) to work on the same hardware, but
> > > running head?
> >
> > Did you run the version from ports, or did you run the base /etc/rc.d
> > script with your rc.conf set to point to the ports binary? This will run
> > the command with -c /etc/wpa_supplicant.conf overriding the ports
> default.
> >
> > So this is expected to work in this way.
>
> Ah.  When I installed the port, I was reminded:
>
> | ...
> | ===>   Registering installation for wpa_supplicant-2.6_2
> | Installing wpa_supplicant-2.6_2...
> | To use the ports version of WPA Supplicant instead of the base, add:
> |
> |     wpa_supplicant_program="/usr/local/sbin/wpa_supplicant"
> |
> | to /etc/rc.conf
> |
> | ===> SECURITY REPORT:
> | ....
>
> So I did that.  I did not do anything to the existing
> /etc/rc.d/wpa_supplicant, which had been installed as part of base
> FreeBSD.
>
> > ....
>
> Peace,
> david
> --
> David H. Wolfskill                              david@catwhisker.org
> Unsubstantiated claims of "Fake News" are evidence that the claimant lies
> again.
>
> See http://www.catwhisker.org/~david/publickey.gpg for my public key.
>

Possibly silly question, but are any of the defaults for the port different
from those on the base system? DEBUG_* seem most likely to differ, but I'd
like to know if there are any others.
--
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkoberman@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAN6yY1vhUr2nN7tj4pd_q3J62tcXnkh5%2BFXpE3pLDESsLMDFDg>