Data dir permission is too wide #127
Labels
bug
Something isn't working
Comments
ssiuhk
added a commit
to ssiuhk/subspace
that referenced
this issue
Jul 25, 2020
- Changed umask of the user during the section creating configuration files - Added special handling for config.json to update the permission upon next start-up
agonbar
pushed a commit
that referenced
this issue
May 16, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
data dir default permission is too wide, it allows anyone on the system to read confidential information such as private key
To Reproduce
Steps to reproduce the behavior:
data
[-rw-r--r-- root ] data/config.json
[drwxr-xr-x root ] data/wireguard
[drwxr-xr-x root ] data/wireguard/clients
[-rw-r--r-- root ] data/wireguard/clients/null.conf
[drwxr-xr-x root ] data/wireguard/peers
[-rw-r--r-- root ] data/wireguard/peers/null.conf
[-rw-r--r-- root ] data/wireguard/server.conf
[-rw-r--r-- root ] data/wireguard/server.private
[-rw-r--r-- root ] data/wireguard/server.public
3 directories, 6 files
Expected behavior
Configuration files (which may contains confidential information) and private keys should be readable by owner only. Moreover the directory permission can be tighten as well.
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
Smartphone (please complete the following information):
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: