From 4511b225fb29adf3a54f6da82c3361f7f7cfebff Mon Sep 17 00:00:00 2001
From: John Marino <draco@marino.st>
Date: Tue, 14 Jul 2015 17:11:49 +0200
Subject: [PATCH] WPA Supplicant: Add warning about its use

The wpa_supplicant software in base is three releases behind and likely
full of security holes.  For example, the current release in DPorts has
already had 5 security vulnerabilities patched, but the base version is
not being actively maintained.

The base wpa_supplicant should only be used long enough to be able to
install the latest version from dports.  In order to let sysadmins know
that running it is not the best idea, a 10-second warning will come up
when the base wpa_supplicant is used.

reviewed by: robgar
---
 etc/rc.d/wpa_supplicant | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/etc/rc.d/wpa_supplicant b/etc/rc.d/wpa_supplicant
index 8366249aa7..cfa3c32a8b 100644
--- a/etc/rc.d/wpa_supplicant
+++ b/etc/rc.d/wpa_supplicant
@@ -12,7 +12,7 @@
 
 name="wpa_supplicant"
 rcvar=
-command="/usr/sbin/${name}"
+command="/usr/sbin/wpa_supplicant"
 conf_file="/etc/wpa_supplicant.conf"
 
 start_precmd="wpa_supplicant_precmd"
@@ -27,6 +27,22 @@ wpa_supplicant_postcmd()
 #	while ! ifconfig $ifn | grep -qw "status: associated"; do
 #		sleep 1
 #	done
+	if [ "${command}" = "/usr/sbin/wpa_supplicant" ];
+	then
+		cat << EOF
+         ==============================================================
+         =              WARNING  *  SECURITY  *  WARNING              =
+         ==============================================================
+
+The base wpa_supplicant is running.  This version is several releases behind
+and is not patched for security vulnerabilities.  It is highly recommended
+that the DPorts version be run instead.  Instructions to switch here:
+
+http://www.dragonflybsd.org/docs/docs/newhandbook/WirelessNetwork/#index1h2
+
+EOF
+		sleep 10
+	fi
 }
 
 ifn="$2"
-- 
2.41.0