sensitive config files are world-readable
Bug #1862600 reported by Rolf Leggewie
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
netplan.io (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
$ ll /etc/netplan/0*
-rw-r--r-- 1 root root 49 Apr 11 2018 /etc/netplan/
-rw-r--r-- 1 root root 293 Apr 11 2018 /etc/netplan/
/etc/netplan/
tags: | added: community-security |
affects: | plan (Ubuntu) → netplan.io (Ubuntu) |
information type: | Public → Public Security |
tags: | removed: community-security |
Changed in netplan.io (Ubuntu): | |
status: | New → Confirmed |
tags: | added: rls-ff-incoming |
tags: | added: rls-bb-incoming removed: rls-ff-incoming |
We actually want to recommend the usage of mode 600 (-rw-------), i.e. owner (root) read-only, from a Netplan POV.
And we updated our internal code accordingly, in addition to printing a warning if more open permissions are being used: https://github.com/canonical/netplan/pull/300
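
An added example, not part of the bug report and not Netplan's own code: a small audit that flags configuration files accessible to group or others and can tighten them to the mode 600 recommended in the comment above. The function names and the constructed sample files are assumptions made for illustration.

```python
import os
import stat
import sys
import tempfile
from pathlib import Path

RECOMMENDED_MODE = 0o600  # mode recommended in the comment above


def audit_config_dir(directory, fix=False):
    """Report regular files that group or others can access.

    Returns a sorted list of (file name, current mode). With fix=True each
    reported file is tightened to RECOMMENDED_MODE.
    """
    findings = []
    for path in sorted(Path(directory).iterdir()):
        info = path.lstat()  # lstat: inspect the entry itself, not a link target
        if not stat.S_ISREG(info.st_mode):
            continue  # skip symlinks and directories
        mode = stat.S_IMODE(info.st_mode)
        if mode & 0o077:  # any group/other read, write or execute bit
            findings.append((path.name, mode))
            if fix:
                os.chmod(path, RECOMMENDED_MODE)
    return findings


def demo():
    """Run the audit on constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, mode in [("01-constructed.yaml", 0o644),
                           ("02-constructed.yaml", 0o600),
                           ("03-constructed.yaml", 0o640)]:
            path = Path(tmp, name)
            path.write_text("network: {version: 2}\n")
            os.chmod(path, mode)  # set explicitly, independent of umask
        before = audit_config_dir(tmp, fix=True)  # report, then tighten
        after = audit_config_dir(tmp)             # nothing left to report
    return before, after


if __name__ == "__main__":
    # Report only; pass a directory as the first argument to override.
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/netplan"
    if os.path.isdir(target):
        for name, mode in audit_config_dir(target):
            print(f"{name}: mode {mode:04o} is more open than {RECOMMENDED_MODE:04o}")
```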