yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1726651] Re: any netplan config for wifi devices should not be world readable

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: James Falcon <1726651@xxxxxxxxxxxxxxxxxx>
Date: Thu, 11 May 2023 06:56:36 -0000
Reply-to: Bug 1726651 <1726651@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Tracked in Github Issues as https://github.com/canonical/cloud-
init/issues/3039

** Bug watch added: github.com/canonical/cloud-init/issues #3039
   https://github.com/canonical/cloud-init/issues/3039

** Changed in: cloud-init
       Status: Confirmed => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1726651

Title:
  any netplan config for wifi devices should not be world readable

Status in cloud-init:
  Expired
Status in curtin:
  Confirmed

Bug description:
  Currently, as near as I can tell, curtin writes netplan config to a
  world readable file in /etc/cloud/ and cloud-init writes it to a world
  readable file in /etc/netplan. But if there are any wpa2 psks in the
  config they should be put in a 0600 file.

  This doesn't really make any sense for actual clouds, but subiquity
  should be able to get this right.

  One way to do this would be for cloud-init to check through the
  provided config and put wifis in a separate file or another would be
  for there to be a way to direct cloud-init to write different parts of
  the netplan config to different files and a way to set the modes of
  those files (neither of which appears to be possible today), and for
  curtin to make use of that. I don't really care :)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1726651/+subscriptions

References

[Bug 1726651] [NEW] any netplan config for wifi devices should not be world readable
From: Michael Hudson-Doyle, 2017-10-24