[Yahoo-eng-team] [Bug 1981646] Re: network v2: do not render world-readable netplan when wifi or auth config contains sensitive passwords

Tue, 19 Jul 2022 10:35:54 -0700 

Alternative solution to this could be if netplan.io grows a new root-
only directory option that defines a schema for storing sensitive
information like credentials. Not sure if this is something netplan.io
would plan to grow or not. Tagging netplan.io on this bug as an FYI
`wishlist` in case future feature work goes this direction.

The features that may be nice from netplan frm a usability standpoint:
 1. documented policy that suggests chmod 600 on any netplan YAML
 2. Instrumented policy in `netplan generate` or `netplan apply` that warns 
about world-readable files consumed which happen to contain security-related 
keys.
 3. Ideally, sensitive YAML content root-only files wouldn't live in with 
world-readable content in /etc/netplan/* files. Possibly define a 
sensitive/security/credentials subdirectory/schema that could contain the 
security bits.

This is probably not the bug to file against netplan.io as it contains
multiple feature request, but I wanted to track the sentiment in case
that effort is becomes something desireable for netplan (and thereby
affecting how cloud-init should write out sensitive files).


** Also affects: netplan
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1981646

Title:
  network v2: do not render world-readable netplan when wifi or auth
  config contains sensitive passwords

Status in cloud-init:
  Triaged
Status in netplan:
  New

Bug description:
  https://netplan.io/reference/ supports wifi password and auto client-
  key-password keys which should generally not be world-readable.

  
  But, when rendering passthrough V2 network configuration, cloud-init emits a 
single /etc/netplan/50-cloud-init.yaml file that is world readable.

  If network v2 config contains sensitive password keys it may make
  sense for cloud-init to either:

  1. Make /etc/netplan/50-cloud-init.yaml only root-readable
  - OR -
  2. Write a world-readable /etc/netplan/50-cloud-init.yaml containing all keys 
except wifis and auth  and a root-readable 
/etc/netplan/50-cloud-init-sensitive.yaml  which would contain any security 
sensitive config content.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1981646/+subscriptions


-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to