Commit 8a414978 authored by Jouke Witteveen's avatar Jouke Witteveen
Browse files

Set a global restrictive umask

Netctl files can potentially contain passwords or execute code as root.
parent 755c8d5a
...@@ -5,6 +5,8 @@ CONN_DIR="$SUBR_DIR/connections" ...@@ -5,6 +5,8 @@ CONN_DIR="$SUBR_DIR/connections"
STATE_DIR="/run/network" STATE_DIR="/run/network"
STATE_FILE="${NETCTL_STATE_FILE:-/var/lib/netctl/netctl.state}" STATE_FILE="${NETCTL_STATE_FILE:-/var/lib/netctl/netctl.state}"
umask 077
### Logging/Error reporting ### Logging/Error reporting
......
...@@ -198,7 +198,6 @@ wpa_make_config_file() { ...@@ -198,7 +198,6 @@ wpa_make_config_file() {
report_debug "Could not create the configuration file '$config_file'" report_debug "Could not create the configuration file '$config_file'"
return 1 return 1
fi fi
chmod 600 "$config_file"
echo "ctrl_interface=/run/wpa_supplicant" >> "$config_file" echo "ctrl_interface=/run/wpa_supplicant" >> "$config_file"
echo "ctrl_interface_group=${WPAGroup:-wheel}" >> "$config_file" echo "ctrl_interface_group=${WPAGroup:-wheel}" >> "$config_file"
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment