Re: which X11 app can show wifi info
On Wed, Jun 15, 2022 at 11:33:00AM +0200, Vincent Lefevre wrote:
> On 2022-06-15 09:43:50 +0300, Reco wrote:
> > Hi.
> >
> > On Wed, Jun 15, 2022 at 03:30:53AM +0200, Vincent Lefevre wrote:
> > > On 2022-06-14 15:43:40 +0100, Brian wrote:
> > > > On Tue 14 Jun 2022 at 13:15:56 +0200, Vincent Lefevre wrote:
> > > > > No issues with iwlist and nmcli.
> > > >
> > > > /usr/sbin/wpa_gui and /sbin/wpa_cli should both give sensible outputs
> > > > when run as root.
> > >
> > > For security reasons, I don't want to run them as root.
> >
> > First example they provide in wpa_supplicant.conf(5) shows the way to
> > use wpa_cli sensibly without being root.
> > One just needs to define a group for wpa_supplicant's control socket, like this:
> >
> > ctrl_interface=DIR=/run/wpa_supplicant GROUP=netdev
>
> This is either overkill (with a security risk, e.g. if this can allow
> the user to become root),
It cannot allow that, barring the security bugs in wpa_supplicant.
It does give the user full control over a wpa_supplicant process though
(i.e. associate with arbitrary AP, terminate the process, etc).
> or Debian should have done that by default.
That's my option too, but wpasupplicant package does not provide
wpa_supplicant.conf by default.
README.Debian should mention that bit of configuration probably.
> > > The iwlist and nmcli utilities don't need root to work correctly.
> >
> > I don't know about iwlist, but nmcli uses dbus to communicate with
> > NetworkManager. From the security standpoint, such approach clearly
> > loses to the simple unix socket communication restricted by natural
> > POSIX permissions.
>
> Actually, that's iwconfig that gives interesting information, such
> as the current ESSID, and it doesn't need to be run as root either.
So is "iw dev ... info", which uses "modern" communication via
AF_NETLINK socket.
Reco
Reply to: