any netplan config for wifi devices should not be world readable
Bug #1726651 reported by
Michael Hudson-Doyle
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| cloud-init |
Expired
|
Medium
|
Unassigned | ||
| curtin |
Confirmed
|
Medium
|
Unassigned | ||
Bug Description
Currently, as near as I can tell, curtin writes netplan config to a world readable file in /etc/cloud/ and cloud-init writes it to a world readable file in /etc/netplan. But if there are any wpa2 psks in the config they should be put in a 0600 file.
This doesn't really make any sense for actual clouds, but subiquity should be able to get this right.
One way to do this would be for cloud-init to check through the provided config and put wifis in a separate file or another would be for there to be a way to direct cloud-init to write different parts of the netplan config to different files and a way to set the modes of those files (neither of which appears to be possible today), and for curtin to make use of that. I don't really care :)
| tags: | added: id-59ea6cab4da427a5652de7a3 |
| tags: | added: id-59ea6cd3cd57bbca34370d52 |
| Changed in cloud-init: | |
| status: | New → Confirmed |
| Changed in curtin: | |
| status: | New → Confirmed |
| Changed in cloud-init: | |
| importance: | Undecided → Medium |
| Changed in curtin: | |
| importance: | Undecided → Medium |
Revision history for this message
| James Falcon (falcojr) wrote | #1 |
| Changed in cloud-init: | |
| status: | Confirmed → Expired |
To post a comment you must log in.
Tracked in Github Issues as https:/