[Yahoo-eng-team] [Bug 1726651] [NEW] any netplan config for wifi devices should not be world readable

Mon, 23 Oct 2017 18:17:09 -0700 

Public bug reported:

Currently, as near as I can tell, curtin writes netplan config to a
world readable file in /etc/cloud/ and cloud-init writes it to a world
readable file in /etc/netplan. But if there are any wpa2 psks in the
config they should be put in a 0600 file.

This doesn't really make any sense for actual clouds, but subiquity
should be able to get this right.

One way to do this would be for cloud-init to check through the provided
config and put wifis in a separate file or another would be for there to
be a way to direct cloud-init to write different parts of the netplan
config to different files and a way to set the modes of those files
(neither of which appears to be possible today), and for curtin to make
use of that. I don't really care :)

** Affects: cloud-init
     Importance: Undecided
         Status: New

** Affects: curtin
     Importance: Undecided
         Status: New

** Also affects: curtin
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1726651

Title:
  any netplan config for wifi devices should not be world readable

Status in cloud-init:
  New
Status in curtin:
  New

Bug description:
  Currently, as near as I can tell, curtin writes netplan config to a
  world readable file in /etc/cloud/ and cloud-init writes it to a world
  readable file in /etc/netplan. But if there are any wpa2 psks in the
  config they should be put in a 0600 file.

  This doesn't really make any sense for actual clouds, but subiquity
  should be able to get this right.

  One way to do this would be for cloud-init to check through the
  provided config and put wifis in a separate file or another would be
  for there to be a way to direct cloud-init to write different parts of
  the netplan config to different files and a way to set the modes of
  those files (neither of which appears to be possible today), and for
  curtin to make use of that. I don't really care :)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1726651/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to