yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1726651] [NEW] any netplan config for wifi devices should not be world readable

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Michael Hudson-Doyle <mwhudsonlp@xxxxxxxxxxx>
Date: Tue, 24 Oct 2017 01:05:05 -0000
Reply-to: Bug 1726651 <1726651@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Currently, as near as I can tell, curtin writes netplan config to a
world readable file in /etc/cloud/ and cloud-init writes it to a world
readable file in /etc/netplan. But if there are any wpa2 psks in the
config they should be put in a 0600 file.

This doesn't really make any sense for actual clouds, but subiquity
should be able to get this right.

One way to do this would be for cloud-init to check through the provided
config and put wifis in a separate file or another would be for there to
be a way to direct cloud-init to write different parts of the netplan
config to different files and a way to set the modes of those files
(neither of which appears to be possible today), and for curtin to make
use of that. I don't really care :)

** Affects: cloud-init
     Importance: Undecided
         Status: New

** Affects: curtin
     Importance: Undecided
         Status: New

** Also affects: curtin
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1726651

Title:
  any netplan config for wifi devices should not be world readable

Status in cloud-init:
  New
Status in curtin:
  New

Bug description:
  Currently, as near as I can tell, curtin writes netplan config to a
  world readable file in /etc/cloud/ and cloud-init writes it to a world
  readable file in /etc/netplan. But if there are any wpa2 psks in the
  config they should be put in a 0600 file.

  This doesn't really make any sense for actual clouds, but subiquity
  should be able to get this right.

  One way to do this would be for cloud-init to check through the
  provided config and put wifis in a separate file or another would be
  for there to be a way to direct cloud-init to write different parts of
  the netplan config to different files and a way to set the modes of
  those files (neither of which appears to be possible today), and for
  curtin to make use of that. I don't really care :)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1726651/+subscriptions

Follow ups

[Bug 1726651] Re: any netplan config for wifi devices should not be world readable
From: James Falcon, 2023-05-11