[Bug 1981646] Re: network v2: do not render world-readable netplan when wifi or auth config contains sensitive passwords

Lukas Märdian 1981646 at bugs.launchpad.net
Tue Jan 24 17:04:26 UTC 2023


Thank you for the suggestions in comment #1.

(2) has been implemented in:
https://github.com/canonical/netplan/pull/300

(1) got implemented just now, to be reflected in our docs:
https://netplan.readthedocs.io/en/latest/reference.html
https://github.com/canonical/netplan/commit/db043801d0d7838d84cb7d0e4e07b6088e2d5771

I'll keep this bug open as a feature request (wishlist) to consider the
implementation of (3).

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1981646

Title:
  network v2: do not render world-readable netplan when wifi or auth
  config contains sensitive passwords

Status in cloud-init:
  Triaged
Status in netplan:
  Triaged

Bug description:
  https://netplan.io/reference/ supports wifi password and auth
  client-key-password keys which should generally not be world-readable.

  But, when rendering passthrough V2 network configuration, cloud-init
  emits a single /etc/netplan/50-cloud-init.yaml file that is
  world-readable.

  If network v2 config contains sensitive password keys it may make
  sense for cloud-init to either:

  1. Make /etc/netplan/50-cloud-init.yaml only root-readable
  - OR -
  2. Write a world-readable /etc/netplan/50-cloud-init.yaml containing
  all keys except wifis and auth and a root-readable
  /etc/netplan/50-cloud-init-sensitive.yaml which would contain any
  security sensitive config content.
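
An audit for the condition described in this bug, as an added example (not code from cloud-init or netplan): it lists netplan YAML files that carry a `password` or `client-key-password` value and are readable by anyone other than the owner. The line-based key match, the function names and the sample files are assumptions made for the illustration.

```python
import os, re, stat, tempfile

# Key names the bug report calls out: wifi "password" and auth "client-key-password".
SENSITIVE = re.compile(r"""^\s*(?:-\s*)?["']?(password|client-key-password)["']?\s*:\s*\S""")

def sensitive_keys(text):
    """Names of sensitive keys that carry a value in a netplan YAML text."""
    return sorted({m.group(1) for m in map(SENSITIVE.match, text.splitlines()) if m})

def audit(directory):
    """List (file name, mode, keys) for YAML files that hold secrets but are
    readable by anyone other than the owner."""
    findings = []
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".yaml"):
            continue
        path = os.path.join(directory, name)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        try:
            with open(path, encoding="utf-8") as fh:
                keys = sensitive_keys(fh.read())
        except PermissionError:
            continue  # unreadable to this user; run as root for a full audit
        if keys and mode & 0o077:  # any group/other permission bit set
            findings.append((name, oct(mode), keys))
    return findings

# Constructed sample files (assumed content, not taken from the bug report).
SAMPLES = {
    "50-cloud-init.yaml": (0o644, 'network:\n  version: 2\n  wifis:\n    wlan0:\n      access-points:\n'
                                  '        "example-ssid":\n          password: "constructed-psk"\n'),
    "60-eap.yaml": (0o600, 'network:\n  version: 2\n  ethernets:\n    eth0:\n      auth:\n'
                           '        method: tls\n        client-key-password: "constructed-pass"\n'),
    "70-plain.yaml": (0o644, 'network:\n  version: 2\n  ethernets:\n    eth0:\n      dhcp4: true\n'),
}

def demo():
    """Write the samples into a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as d:
        for name, (mode, body) in SAMPLES.items():
            path = os.path.join(d, name)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
            os.chmod(path, mode)
        return audit(d)

if __name__ == "__main__":
    for name, mode, keys in demo():
        print(f"{name}: mode {mode}, contains {', '.join(keys)}")
```

On a real host, call `audit("/etc/netplan")` as root so that files already restricted to the owner can still be read and checked.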
