wireguard: netdev file can leak private key
| Affects | Status | Importance | Assigned to | Milestone | ||
|---|---|---|---|---|---|---|
| Netplan |
Triaged
|
High
|
Unassigned | |||
| netplan.io (Ubuntu) | Status tracked in Oracular | |||||
| Focal |
New
|
Undecided
|
Unassigned | |||
| Jammy |
New
|
Undecided
|
Unassigned | |||
| Mantic |
New
|
Undecided
|
Unassigned | |||
| Noble |
New
|
Undecided
|
Unassigned | |||
| Oracular |
New
|
Undecided
|
Unassigned | |||
Bug Description
When using netplan with wireguard, netplan will render the /run/systemd/
That file contains the wireguard private key, which, if specified literally (instead of using a file), will leak that key to all local users of the system. This may not be desirable.
For example, I have this yaml in /etc/netplan/
network:
version: 2
tunnels:
home0:
mode: wireguard
key: <base64 private key contents>
port: 51000
addresses: [10.10.11.2/24]
peers:
- keys:
public: <base64 public key contents>
endpoint: 10.48.132.39:51000
routes:
- to: 10.10.10.0/24
from: 10.10.11.2
scope: link
When that is rendered and applied with `netplan apply`, this error is logged in /var/log/syslog:
Aug 26 14:23:30 laptop-coffee-shop systemd-
And indeed, that file contains the same literal private key, as expected:
# cat /run/systemd/
[NetDev]
Name=home0
Kind=wireguard
[WireGuard]
PrivateKey=<base64 private key contents>
ListenPort=51000
[WireGuardPeer]
PublicKey=<base64 public key contents>
AllowedIPs=
Endpoint=
Its permissions should probably be 0640 root:systemd-
This is not an issue if the private key is specified via a file, in which case systemd-networkd won't even issue that warning.
CVE References
| Lukas Märdian (slyon) wrote | #1 |
| Changed in netplan: | |
| status: | New → Triaged |
| importance: | Undecided → High |
| tags: | added: fr-2634 |
| tags: | added: foundations-todo |
| Lukas Märdian (slyon) wrote | #2 |
| Mark Esler (eslerm) wrote | #3 |
| tags: | removed: foundations-todo |
ACK. The rendered files should not be world readable.