wireguard: netdev file can leak private key
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Netplan | Fix Released | High | Unassigned |
netplan.io (Ubuntu) | Fix Released | Undecided | Unassigned |
Focal | Fix Released | Undecided | Unassigned |
Jammy | Fix Released | Undecided | Unassigned |
Mantic | Fix Released | Undecided | Unassigned |
Noble | Fix Released | Undecided | Unassigned |
Oracular | Fix Released | Undecided | Unassigned |
Bug Description
When using netplan with wireguard, netplan will render the /run/systemd/
That file contains the wireguard private key, which, if specified literally (instead of using a file), will leak that key to all local users of the system. This may not be desirable.
For example, I have this yaml in /etc/netplan/
```yaml
network:
  version: 2
  tunnels:
    home0:
      mode: wireguard
      key: <base64 private key contents>
      port: 51000
      addresses: [10.10.11.2/24]
      peers:
        - keys:
            public: <base64 public key contents>
          endpoint: 10.48.132.39:51000
      routes:
        - to: 10.10.10.0/24
          from: 10.10.11.2
          scope: link
```
When that is rendered and applied with `netplan apply`, this error is logged in /var/log/syslog:
Aug 26 14:23:30 laptop-coffee-shop systemd-
And indeed, that file contains the same literal private key, as expected:
# cat /run/systemd/
```ini
[NetDev]
Name=home0
Kind=wireguard

[WireGuard]
PrivateKey=<base64 private key contents>
ListenPort=51000

[WireGuardPeer]
PublicKey=<base64 public key contents>
AllowedIPs=
Endpoint=
```
Its permissions should probably be 0640 root:systemd-
This is not an issue if the private key is specified via a file, in which case systemd-networkd won't even issue that warning.
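A small audit script, added here as an example (it is not netplan's code nor part of the bug report), that flags rendered .netdev files which carry a literal PrivateKey= value while still being readable by "other", i.e. the condition described above; a PrivateKeyFile= reference is left alone. The directory path, the sample file name and the key strings are assumptions and placeholders.

```python
"""Audit systemd-networkd .netdev files for world-readable WireGuard private keys."""
import os
import stat
import tempfile

# Directory netplan renders into (assumption: standard Ubuntu layout, as in the report).
NETDEV_DIR = "/run/systemd/network"


def leaks_private_key(path):
    """True if the file holds a literal PrivateKey= value and others can read it.
    A PrivateKeyFile= reference (key kept in a separate file) is not flagged."""
    with open(path, encoding="utf-8") as fh:
        has_literal_key = any(
            line.strip().startswith("PrivateKey=") and line.strip() != "PrivateKey="
            for line in fh
        )
    if not has_literal_key:
        return False
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def audit_netdev_dir(directory=NETDEV_DIR):
    """Sorted list of .netdev files under directory that expose a private key."""
    return sorted(
        os.path.join(directory, name)
        for name in os.listdir(directory)
        if name.endswith(".netdev") and leaks_private_key(os.path.join(directory, name))
    )


def make_sample_netdev(directory, mode=0o644, literal=True):
    """Write a constructed netdev file shaped like the report's rendered output.
    Key material is a placeholder string, not a real key."""
    key_line = ("PrivateKey=PLACEHOLDER_BASE64_PRIVATE_KEY" if literal
                else "PrivateKeyFile=/path/to/home0.key")  # hypothetical path
    path = os.path.join(directory, "sample-home0.netdev")  # constructed name
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(f"[NetDev]\nName=home0\nKind=wireguard\n\n[WireGuard]\n{key_line}\nListenPort=51000\n")
    os.chmod(path, mode)
    return path


def demo(mode_before=0o644, mode_after=0o640, literal=True):
    """Audit a constructed file before and after tightening its mode.
    Returns (findings_before, findings_after) as base names."""
    with tempfile.TemporaryDirectory() as d:
        path = make_sample_netdev(d, mode_before, literal)
        before = [os.path.basename(p) for p in audit_netdev_dir(d)]
        os.chmod(path, mode_after)
        after = [os.path.basename(p) for p in audit_netdev_dir(d)]
    return before, after
```

Running `audit_netdev_dir()` without arguments checks the live directory; `demo()` exercises the check on a throwaway file so it can be run on any machine.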
ACK. The rendered files should not be world readable.