← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #89351

[Bug 1981646] Re: network v2: do not render world-readable netplan when wifi or auth config contains sensitive passwords

  Thread PreviousDate PreviousThread Next 
Alternative solution to this could be if netplan.io grows a new root-
only directory option that defines a schema for storing sensitive
information like credentials. Not sure if this is something netplan.io
would plan to grow or not. Tagging netplan.io on this bug as an FYI
`wishlist` in case future feature work goes this direction.

The features that may be nice from netplan frm a usability standpoint:
 1. documented policy that suggests chmod 600 on any netplan YAML
 2. Instrumented policy in `netplan generate` or `netplan apply` that warns about world-readable files consumed which happen to contain security-related keys.
 3. Ideally, sensitive YAML content root-only files wouldn't live in with world-readable content in /etc/netplan/* files. Possibly define a sensitive/security/credentials subdirectory/schema that could contain the security bits.

This is probably not the bug to file against netplan.io as it contains
multiple feature request, but I wanted to track the sentiment in case
that effort is becomes something desireable for netplan (and thereby
affecting how cloud-init should write out sensitive files).


** Also affects: netplan
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1981646

Title:
  network v2: do not render world-readable netplan when wifi or auth
  config contains sensitive passwords

Status in cloud-init:
  Triaged
Status in netplan:
  New

Bug description:
  https://netplan.io/reference/ supports wifi password and auto client-
  key-password keys which should generally not be world-readable.

  
  But, when rendering passthrough V2 network configuration, cloud-init emits a single /etc/netplan/50-cloud-init.yaml file that is world readable.

  If network v2 config contains sensitive password keys it may make
  sense for cloud-init to either:

  1. Make /etc/netplan/50-cloud-init.yaml only root-readable
  - OR -
  2. Write a world-readable /etc/netplan/50-cloud-init.yaml containing all keys except wifis and auth  and a root-readable /etc/netplan/50-cloud-init-sensitive.yaml  which would contain any security sensitive config content.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1981646/+subscriptions

References

  Thread PreviousDate PreviousThread Next