Public bug reported:
https://netplan.io/reference/ supports wifi password and auth
client-key-password keys which should generally not be world-readable.
But, when rendering passthrough V2 network configuration, cloud-init emits a
single /etc/netplan/50-cloud-init.yaml file that is world readable.
If network v2 config contains sensitive password keys it may make sense
for cloud-init to either:
1. Make /etc/netplan/50-cloud-init.yaml only root-readable
- OR -
2. Write a world-readable /etc/netplan/50-cloud-init.yaml containing all keys
except wifis and auth and a root-readable
/etc/netplan/50-cloud-init-sensitive.yaml which would contain any security
sensitive config content.
** Affects: cloud-init
Importance: Low
Status: New
https://bugs.launchpad.net/bugs/1981646
Title:
network v2: do not render world-readable netplan when wifi or auth
config contains sensitive passwords
Status in cloud-init:
New
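An added sketch of option 1 from the report, together with an audit for existing files; this is not cloud-init code. The function names and the sample configs are hypothetical and constructed for illustration, and the key match is line-based rather than a full YAML parse.

```python
import os
import re
import stat

# Key names from the report: wifi "password" and auth "client-key-password".
SENSITIVE_KEY = re.compile(
    r"^\s*[\"']?(password|client-key-password)[\"']?\s*:", re.M)

# Constructed sample configs (not from the bug report).
SAMPLE_WIFI = """network:
  version: 2
  wifis:
    wlan0:
      access-points:
        "example-ssid":
          password: "constructed-sample-secret"
"""
SAMPLE_PLAIN = "network:\n  version: 2\n  ethernets:\n    eth0:\n      dhcp4: true\n"


def has_sensitive_keys(yaml_text):
    # Line-based match, so no YAML parser is needed (flow-style maps not covered).
    return bool(SENSITIVE_KEY.search(yaml_text))


def write_netplan(path, yaml_text):
    """Option 1 from the report: 0600 when secrets are present, else 0644."""
    mode = 0o600 if has_sensitive_keys(yaml_text) else 0o644
    tmp = path + ".tmp"
    # Create with the final mode so the secret is never briefly world-readable.
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        os.fchmod(fh.fileno(), mode)  # exact mode regardless of umask
        fh.write(yaml_text)
    os.replace(tmp, path)
    return mode


def audit(directory):
    """List .yaml files holding sensitive keys that group or others can read."""
    findings = []
    for name in sorted(os.listdir(directory)):
        full = os.path.join(directory, name)
        if not name.endswith(".yaml"):
            continue
        mode = stat.S_IMODE(os.stat(full).st_mode)
        with open(full, encoding="utf-8") as fh:
            if has_sensitive_keys(fh.read()) and mode & 0o044:
                findings.append((name, oct(mode)))
    return findings
```

Running `audit("/etc/netplan")` as root lists files that still need `chmod 600`.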