[Bug 1981646] [NEW] network v2: do not render world-readable netplan when wifi or auth config contains sensitive passwords

Launchpad Bug Tracker 1981646 at bugs.launchpad.net
Tue Dec 13 16:48:29 UTC 2022


You have been subscribed to a public bug by Łukasz Zemczak (sil2100):

https://netplan.io/reference/ supports wifi password and auth
client-key-password keys which should generally not be world-readable.

But, when rendering passthrough V2 network configuration, cloud-init emits a single /etc/netplan/50-cloud-init.yaml file that is world-readable.

If network v2 config contains sensitive password keys it may make sense
for cloud-init to either:

1. Make /etc/netplan/50-cloud-init.yaml only root-readable
- OR -
2. Write a world-readable /etc/netplan/50-cloud-init.yaml containing all keys except wifis and auth and a root-readable /etc/netplan/50-cloud-init-sensitive.yaml which would contain any security sensitive config content.

** Affects: cloud-init
     Importance: Low
         Status: Triaged

** Affects: netplan
     Importance: Wishlist
         Status: Triaged


** Tags: fr-2562
-- 
network v2: do not render world-readable netplan when wifi or auth config contains sensitive passwords 
https://bugs.launchpad.net/bugs/1981646
You received this bug notification because you are a member of Ubuntu Foundations Bugs, which is subscribed to the bug report.
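
Option 2 from the report, sketched as an added example; this is not cloud-init or netplan code. The function names and the sample config are constructed for illustration, and the files are written as JSON on the assumption that netplan's YAML parser accepts it as flow-style YAML.

```python
import copy
import json
import os
import tempfile

# Constructed sample of a network v2 config; device names and secrets are made up.
SAMPLE = {"network": {"version": 2,
    "ethernets": {"eth0": {"dhcp4": True,
        "auth": {"key-management": "802.1x", "client-key-password": "example-secret"}}},
    "wifis": {"wlan0": {"access-points": {"example-ssid": {"password": "example-psk"}}}}}}

def split_sensitive(config):
    """Return (public, sensitive): wifis and per-device auth go to sensitive."""
    network = config.get("network", {})
    public, sensitive = {}, {}
    for section, value in network.items():
        if section == "wifis":
            sensitive[section] = copy.deepcopy(value)
        elif isinstance(value, dict):
            public[section] = {}
            for dev, cfg in value.items():
                cfg = copy.deepcopy(cfg)  # never mutate the caller's config
                if isinstance(cfg, dict) and "auth" in cfg:
                    sensitive.setdefault(section, {})[dev] = {"auth": cfg.pop("auth")}
                public[section][dev] = cfg
        else:
            public[section] = value  # scalars such as version, renderer
    if sensitive and "version" in network:
        sensitive["version"] = network["version"]
    return {"network": public}, ({"network": sensitive} if sensitive else None)

def write_with_mode(path, data, mode):
    """Create with `mode` and re-assert it, so umask or an older copy cannot change it."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "w") as fh:
        os.fchmod(fd, mode)  # set the mode before any secret is written
        json.dump(data, fh, indent=2)  # assumption: JSON is read as flow-style YAML

def render(config, directory):
    """Write the public file 0644 and, if needed, the sensitive file 0600."""
    public, sensitive = split_sensitive(config)
    paths = [os.path.join(directory, "50-cloud-init.yaml")]
    write_with_mode(paths[0], public, 0o644)
    if sensitive is not None:
        paths.append(os.path.join(directory, "50-cloud-init-sensitive.yaml"))
        write_with_mode(paths[1], sensitive, 0o600)
    return paths

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for p in render(SAMPLE, tmp):
            print(oct(os.stat(p).st_mode & 0o777), os.path.basename(p))
```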