Bug#1031375: wpa_cli: non-root server may be unable to reply to wpa_cli

Wed, 15 Feb 2023 15:21:26 -0800 

Package: wpasupplicant
Version: 2:2.10-11

Dear Maintainer,

I configured wpa_supplicant to run as a non-root user (with CAP_NET_RAW
and CAP_NET_ADMIN as the README suggests), and found that wpa_cli would
hang on startup when trying to connect to it.  strace shows that wpa_cli
creates named sockets in /tmp (despite $TMPDIR pointing elsewhere):
  bind(3, {sa_family=AF_UNIX, sun_path="/tmp/wpa_ctrl_4848-1"}, 110) = 0
  bind(4, {sa_family=AF_UNIX, sun_path="/tmp/wpa_ctrl_4848-2"}, 110) = 0
And then wpa_supplicant cannot reply:
  sendto(12, "OK\n", 3, 0, {sa_family=AF_UNIX, sun_path=
         "/tmp/wpa_ctrl_4824-2"}, 23) = -1 EACCES (Permission denied)
This is due to the umask and uid/gid being applied:
  srwx--x--x 1 michael michael 0 Feb 15 14:10 /tmp/wpa_ctrl_4824-2

A workaround is to set umask to 0 before running wpa_cli.

On Linux, it would be better for wpa_cli to use the "autobind" feature
(see man 7 unix) by calling bind() with addrlen==sizeof(sa_family_t).
This seems to work fine, and then the server needs no special permission
to reply and doesn't need access to /tmp (and the client won't leave
garbage there if it exits abnormally).

Also, maybe wpa_cli's existing Android code to chmod() the socket should
be enabled more widely.  POSIX says, for connect(), that "For SOCK_DGRAM
sockets, the peer address [...] limits the remote sender for subsequent
recv() functions"; so, if anyone other than the server sent messages to
the world-writable socket, the client wouldn't see them.

(I think SOCK_SEQPACKET would be a better fit than SOCK_DGRAM for the
control sockets, but that would require server and client changes.)

- Michael


-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-4-amd64 (SMP w/32 CPU threads; PREEMPT)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_CA:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages wpasupplicant depends on:
ii  adduser            3.131
ii  libc6              2.36-8
ii  libdbus-1-3        1.14.6-1
ii  libnl-3-200        3.7.0-0.2+b1
ii  libnl-genl-3-200   3.7.0-0.2+b1
ii  libnl-route-3-200  3.7.0-0.2+b1
ii  libpcsclite1       1.9.9-1
ii  libreadline8       8.2-1.3
ii  libssl3            3.0.8-1

wpasupplicant recommends no packages.

Versions of packages wpasupplicant suggests:
pn  libengine-pkcs11-openssl  <none>
pn  wpagui                    <none>

-- no debconf information

Attachment: signature.asc
Description: PGP signature

Reply via email to