From 26f86d500e82c68fd46dc6328df1e1422bf57cb5 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 8 Apr 2019 03:48:57 +0900 Subject: [PATCH] network: warn when wireguard keys are stored in world readable files --- src/network/netdev/wireguard.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c index 0b61896..5fac92a 100644 --- a/src/network/netdev/wireguard.c +++ b/src/network/netdev/wireguard.c @@ -494,6 +494,9 @@ static int wireguard_decode_key_and_warn( return 0; } + if (!streq(lvalue, "PublicKey")) + (void) warn_file_is_world_accessible(filename, NULL, unit, line); + r = unbase64mem_full(rvalue, strlen(rvalue), true, &key, &len); if (r < 0) { log_syntax(unit, LOG_ERR, filename, line, r, -- 2.7.4