author | Jouke Witteveen <j.witteveen@gmail.com> | 2013-10-21 23:58:11 +0200 |
---|---|---|
committer | Jouke Witteveen <j.witteveen@gmail.com> | 2013-10-23 01:43:26 +0200 |
commit | 8a414978b39e784fdabf6895985acc0e054d235c (patch) | |
tree | d5cb11c028e4e1952adf438e8f72cb71aed77c52 | |
parent | 755c8d5afdaca08ca1732765f30370f752259d4b (diff) | |
Set a global restrictive umask
Netctl files can potentially contain passwords or execute code as root.
-rw-r--r-- | src/lib/globals | 2 | ||||
-rw-r--r-- | src/lib/wpa | 1 |
2 files changed, 2 insertions, 1 deletions
diff --git a/src/lib/globals b/src/lib/globals
index 5926472..a2a281f 100644
--- a/src/lib/globals
+++ b/src/lib/globals
@@ -5,6 +5,8 @@ CONN_DIR="$SUBR_DIR/connections"
 STATE_DIR="/run/network"
 STATE_FILE="${NETCTL_STATE_FILE:-/var/lib/netctl/netctl.state}"
+umask 077
+
 ### Logging/Error reporting
diff --git a/src/lib/wpa b/src/lib/wpa
index dea95d5..6f21c0f 100644
--- a/src/lib/wpa
+++ b/src/lib/wpa
@@ -198,7 +198,6 @@ wpa_make_config_file() {
 report_debug "Could not create the configuration file '$config_file'"
 return 1
 fi
- chmod 600 "$config_file"
 echo "ctrl_interface=/run/wpa_supplicant" >> "$config_file"
 echo "ctrl_interface_group=${WPAGroup:-wheel}" >> "$config_file"
|
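Review bot: The `umask 077` added in src/lib/globals only applies to files created after the library is sourced, so it does not tighten a file that already exists with wider permissions, whereas the `chmod 600 "$config_file"` removed from wpa_make_config_file in the src/lib/wpa hunk did. The code that creates the config file sits above that hunk, so whether the file can pre-exist is not visible here; if it can, keeping the explicit `chmod 600 "$config_file"` as defence in depth would preserve the old guarantee for the wpa_supplicant credentials. The umask is also inherited by every process started after the library is sourced, which looks intended but is worth stating next to the setting, e.g. `# Profiles and generated configs may hold passwords: create everything owner-only`.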