This document describes various tasks and features that are wanted or in-progress.
Not all DBus commands are currently used in wfanctl. However, the most prominent
commands are implemented (get, set, status...)
Since WPAN Tunnel Driver communicates directly with the dangerous
uncontrolled real-world, additional hardening is warranted. The
following tasks are important for hardening wfantund from malicious foes:
- Investigate ways to harden the process by Limiting kernel attackable
surface-area by using a syscall filter like
libseccomp. - Full security audit of code paths which directly interpret data from the NCP. Should be performed after the refactoring described above.
- Provide more behavioral logic in the
NCPInstanceBaseclass.