[arch-projects] [netctl][PATCH] Set a global restrictive umask

Jouke Witteveen j.witteveen at gmail.com
Wed Oct 23 08:06:48 EDT 2013


Netctl files can potentially contain passwords or execute code as root.

Signed-off-by: Jouke Witteveen <j.witteveen at gmail.com>
---
 src/lib/globals | 2 ++
 src/lib/wpa     | 1 -
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/lib/globals b/src/lib/globals
index 5926472..a2a281f 100644
--- a/src/lib/globals
+++ b/src/lib/globals
@@ -5,6 +5,8 @@ CONN_DIR="$SUBR_DIR/connections"
 STATE_DIR="/run/network"
 STATE_FILE="${NETCTL_STATE_FILE:-/var/lib/netctl/netctl.state}"
 
+umask 077
+
 
 ### Logging/Error reporting
 
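Review bot: the `umask 077` added after the `STATE_FILE=` line carries no comment, and because a umask is inherited it applies not only to this library but to every child process started after the file is sourced. A one-line comment giving the reason from the commit message (files may contain passwords or be executed as root) would help the next reader. It is also worth checking whether anything created under `STATE_DIR` or written to `STATE_FILE` is expected to be readable by non-root users, since new files and directories will now be created without group or other access. Note too that a umask only affects files created from this point on; files that already exist keep their current mode.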
diff --git a/src/lib/wpa b/src/lib/wpa
index dea95d5..6f21c0f 100644
--- a/src/lib/wpa
+++ b/src/lib/wpa
@@ -198,7 +198,6 @@ wpa_make_config_file() {
         report_debug "Could not create the configuration file '$config_file'"
         return 1
     fi
-    chmod 600 "$config_file"
 
     echo "ctrl_interface=/run/wpa_supplicant" >> "$config_file"
     echo "ctrl_interface_group=${WPAGroup:-wheel}" >> "$config_file"
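Review bot: removing `chmod 600 "$config_file"` in `wpa_make_config_file()` leaves the file's mode dependent entirely on the umask in effect when the file was created, and a umask is applied only at creation time. If `$config_file` can already exist with a wider mode, or this function can be reached without `src/lib/globals` having been sourced first, the `echo ... >> "$config_file"` lines that follow append to a file that is no longer forced to 0600. Consider keeping the explicit chmod as a second guard alongside the global umask, or confirm that the creation step above this hunk always produces a fresh file under the new umask.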
-- 
1.8.4.1


