Comment 4 for bug 661674

This patch does not use something like the "--" command line option used by the previous ifconfig. I don't think iw supports that notation. Thus - it may be possible for a user to supply an essid that is malicious, passing unusual parameters to iw. Just not sure.