any netplan config for wifi devices should not be world readable
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cloud-init |
Expired
|
Medium
|
Unassigned | ||
curtin |
Confirmed
|
Medium
|
Unassigned |
Bug Description
Currently, as near as I can tell, curtin writes netplan config to a world readable file in /etc/cloud/ and cloud-init writes it to a world readable file in /etc/netplan. But if there are any wpa2 psks in the config they should be put in a 0600 file.
This doesn't really make any sense for actual clouds, but subiquity should be able to get this right.
One way to do this would be for cloud-init to check through the provided config and put wifis in a separate file or another would be for there to be a way to direct cloud-init to write different parts of the netplan config to different files and a way to set the modes of those files (neither of which appears to be possible today), and for curtin to make use of that. I don't really care :)
tags: | added: id-59ea6cab4da427a5652de7a3 |
tags: | added: id-59ea6cd3cd57bbca34370d52 |
Changed in cloud-init: | |
status: | New → Confirmed |
Changed in curtin: | |
status: | New → Confirmed |
Changed in cloud-init: | |
importance: | Undecided → Medium |
Changed in curtin: | |
importance: | Undecided → Medium |
Tracked in Github Issues as https:/ /github. com/canonical/ cloud-init/ issues/ 3039