any netplan config for wifi devices should not be world readable

Bug #1726651 reported by Michael Hudson-Doyle on 2017-10-24
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cloud-init
Medium
Unassigned
curtin
Medium
Unassigned

Bug Description

Currently, as near as I can tell, curtin writes netplan config to a world readable file in /etc/cloud/ and cloud-init writes it to a world readable file in /etc/netplan. But if there are any wpa2 psks in the config they should be put in a 0600 file.

This doesn't really make any sense for actual clouds, but subiquity should be able to get this right.

One way to do this would be for cloud-init to check through the provided config and put wifis in a separate file or another would be for there to be a way to direct cloud-init to write different parts of the netplan config to different files and a way to set the modes of those files (neither of which appears to be possible today), and for curtin to make use of that. I don't really care :)

tags: added: id-59ea6cab4da427a5652de7a3
tags: added: id-59ea6cd3cd57bbca34370d52
Scott Moser (smoser) on 2017-10-24
Changed in cloud-init:
status: New → Confirmed
Changed in curtin:
status: New → Confirmed
Changed in cloud-init:
importance: Undecided → Medium
Changed in curtin:
importance: Undecided → Medium
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers