On Tue, Jul 29, 2008 at 02:59:54PM +0900, David Smith wrote: > Jouni Malinen <[EMAIL PROTECTED]> writes: > > wpa_supplicant 0.6.x has support for privilege separation that allows > > the wpa_supplicant process to be run as any user (wpa_priv process will > > be used for operations that require root access). Actually, this moves > > even more than all crypto into non-root user context.
> Can this already be used for pkcs#11 operations? If it is alright for the system to run wpa_supplicant as the current user (however that is defined in multiuser systems..), yes, PKCS#11 operations would indeed be run as a non-root user along with all the other authentication functionality. This would require that whatever is starting wpa_supplicant knows how to start it with the current user, though, since wpa_supplicant itself does not do use setuid() (etc.) to change the UID. -- Jouni Malinen PGP id EFC895FA _______________________________________________ NetworkManager-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/networkmanager-list
