[arch-projects] [netctl][PATCH] Set a global restrictive umask

Netctl files can potentially contain passwords or execute code as root. Signed-off-by: Jouke Witteveen <j.witteveen@gmail.com> --- src/lib/globals | 2 ++ src/lib/wpa | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/lib/globals b/src/lib/globals index 5926472..a2a281f 100644 --- a/src/lib/globals +++ b/src/lib/globals @@ -5,6 +5,8 @@ CONN_DIR="$SUBR_DIR/connections" STATE_DIR="/run/network" STATE_FILE="${NETCTL_STATE_FILE:-/var/lib/netctl/netctl.state}" +umask 077 + ### Logging/Error reporting diff --git a/src/lib/wpa b/src/lib/wpa index dea95d5..6f21c0f 100644 --- a/src/lib/wpa +++ b/src/lib/wpa @@ -198,7 +198,6 @@ wpa_make_config_file() { report_debug "Could not create the configuration file '$config_file'" return 1 fi - chmod 600 "$config_file" echo "ctrl_interface=/run/wpa_supplicant" >> "$config_file" echo "ctrl_interface_group=${WPAGroup:-wheel}" >> "$config_file" -- 1.8.4.1