Wi-Fi Linux network bug found, fixed

These days, most of us can use our Wi-Fi cards on Linux using native drivers. Some of us, though, are still stuck with using Windows drivers on Linux. This kludge is usually done by using the Windows driver with NDISwrapper. Unfortunately, it's recently been discovered that there's a crack in the kludge.

Specifically, Anders Kaseorg, a Linux developer, discovered that NDISwrapper did not correctly handle long ESSIDs (Extended Service Set ID), the optional ID name that's sent from some Wi-Fi access points. According to Kaseorg, "If ndiswrapper is in use, a physically near-by attacker could generate specially crafted wireless network traffic and crash the system, leading to a denial of service."

Actually, it's bigger than just a problem that could crash a system. Secunia, a security company, stated that "Successful exploitation may allow execution of arbitrary code." In other words, you could use the bug to crack PCs and take control of them.

Fortunately, the bug, which was discovered in early October, already has a fix. Ubuntu has already issued a patch, and the other major Linux distributors are in the process of rolling out fixes for the problem.

As more and more native Linux drivers for hardware appear, this kind of problem should start disappearing. NDISwrapper works by loading a Windows driver for the hardware and then using a NDIS APIs (Network Driver Interface Specification Application Programming Interface) wrapper to bridge the gap between Linux and the driver. This, as you might imagine, works but it can lead to system problems. This isn't the first time that NDISwrapper has given Linux users heartburn.

Starting with Linux 2.6.17 in 2006, though Linux has been working better with Wi-Fi hardware. In return the Wi-Fi chipset OEMs (original equipment manufacturers), like Broadcom and Atheros are releasing native Linux drivers for their hardware and also opening up some of their code.

It's not just the Wi-Fi vendors who are finally picking up the clue that supporting Linux is a good idea. For example, after many false starts, Creative Labs has finally released the source code, under the GPLv2, for its Creative Sound Blaster X-Fi and X-Fi Titanium Series Linux 32bit/64bit audio cards.

The sooner other vendors get on the open-source device support stick, the sooner Linux will be rid of the NDISwrapper kind of security problem. That, in turn, will make life better both for Linux users and device OEMs.