The 0.6.2 changelog states: * added support for privilege separation (run only minimal part of wpa_supplicant functionality as root and rest as unprivileged, non-root process); see 'Privilege separation' in README for details; this is disabled by default and can be enabled with CONFIG_PRIVSEP=y in .config This is a great security feature which should mitigate the effects of many security flaws in what is a pretty large codebase. There are details at the end of README. I believe the changes that need to be made to gentoo are relatively minor. Although I'm not sure what the effects of wpa_supplicant running as a seperate user (and apps needing to interact with it having to be a member of a group so they can write to its control socket) would be on apps like networkmanager, and what would be the best way to work this into the init system. Reproducible: Always Steps to Reproduce:
Thanks for the suggestion, let's see if anyone in the mobile team is interested in taking this on...
Anyone?
Would that be just only one more line to the ebuild, such like following or would a new USE flag be needed? echo "CONFIG_PRIVSEP=y" >> .config
(In reply to charles17 from comment #3) > Would that be just only one more line to the ebuild, such like following > or would a new USE flag be needed? > > echo "CONFIG_PRIVSEP=y" >> .config also, the wpa_cli within the network service should not use root.
adding a use flag for this called privsep in 2.6-r4. open a new bug for anything unrelated to privsep