[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: which X11 app can show wifi info



On 2022-06-15 09:43:50 +0300, Reco wrote:
> 	Hi.
> 
> On Wed, Jun 15, 2022 at 03:30:53AM +0200, Vincent Lefevre wrote:
> > On 2022-06-14 15:43:40 +0100, Brian wrote:
> > > On Tue 14 Jun 2022 at 13:15:56 +0200, Vincent Lefevre wrote:
> > > > No issues with iwlist and nmcli.
> > > 
> > > /usr/sbin/wpa_gui and /sbin/wpa_cli should both give sensible outputs
> > > when run as root.
> > 
> > For security reasons, I don't want to run them as root.
> 
> First example they provide in wpa_supplicant.conf(5) shows the way to
> use wpa_cli sensibly without being root.
> One just needs to define a group for wpa_supplicant's control socket, like this:
> 
> ctrl_interface=DIR=/run/wpa_supplicant GROUP=netdev

This is either overkill (with a security risk, e.g. if this can allow
the user to become root), or Debian should have done that by default.

> Add a user to a netdev group and you're set.

I'm already in the netdev group (this was done automatically at Debian
installation time).

> > The iwlist and nmcli utilities don't need root to work correctly.
> 
> I don't know about iwlist, but nmcli uses dbus to communicate with
> NetworkManager. From the security standpoint, such approach clearly
> loses to the simple unix socket communication restricted by natural
> POSIX permissions.

Actually, that's iwconfig that gives interesting information, such
as the current ESSID, and it doesn't need to be run as root either.
According to strace, it uses a socket and various SIOCGIW* ioctl
calls, e.g. SIOCGIWESSID. I suppose that this is a bit like

http://papermint-designs.com/dmo-blog/2016-08-how-to-get-the-essid-of-the-wifi-network-you-are-connected-to-

(the author also used strace on iwconfig to find the method).

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)


Reply to: