From 8a414978b39e784fdabf6895985acc0e054d235c Mon Sep 17 00:00:00 2001
From: Jouke Witteveen
Date: Mon, 21 Oct 2013 23:58:11 +0200
Subject: Set a global restrictive umask

Netctl files can potentially contain passwords or execute code as root.
---
 src/lib/globals | 2 ++
 src/lib/wpa | 1 -
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/lib/globals b/src/lib/globals
index 5926472..a2a281f 100644
--- a/src/lib/globals
+++ b/src/lib/globals
@@ -5,6 +5,8 @@ CONN_DIR="$SUBR_DIR/connections"
 STATE_DIR="/run/network"
 STATE_FILE="${NETCTL_STATE_FILE:-/var/lib/netctl/netctl.state}"
+umask 077
+
 ### Logging/Error reporting
diff --git a/src/lib/wpa b/src/lib/wpa
index dea95d5..6f21c0f 100644
--- a/src/lib/wpa
+++ b/src/lib/wpa
@@ -198,7 +198,6 @@ wpa_make_config_file() {
 report_debug "Could not create the configuration file '$config_file'"
 return 1
 fi
- chmod 600 "$config_file"
 echo "ctrl_interface=/run/wpa_supplicant" >> "$config_file"
 echo "ctrl_interface_group=${WPAGroup:-wheel}" >> "$config_file"
-- 
cgit v1.2.3-24-g4f1b
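Review bot: The `umask 077` added in src/lib/globals only takes effect when a file is created, so it does not fully replace the `chmod 600 "$config_file"` that the src/lib/wpa hunk removes. If the config path already exists with a wider mode, or if src/lib/wpa is ever sourced without src/lib/globals, the file keeps whatever permissions it had. wpa_make_config_file starts and ends outside the hunk, so how the file is created is not visible here and should be confirmed; keeping `chmod 600 "$config_file"` after creation is cheap and makes the restriction explicit. The umask is also inherited by every process these scripts start, so any file a helper creates that other users are expected to read would presumably become owner-only, which is worth checking. I would add a comment above the new line, e.g. `# Profiles and generated configs may hold secrets; child processes inherit this umask`.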