secret_key file is created with incorrect file mode (0055="----r-xr-x")
OS: Ubuntu 19.04 Disco Dingo, network-manager: 1.16.0-0ubuntu2
The file /var/lib/NetworkManager/secret_key is recreated with access rights 0055 after being deleted.
The cause could be the commit dbcb1d6d, file src/nm-core-utils.c:
- key_mask = umask (0077);
- if (!g_file_set_contents (NMSTATEDIR "/secret_key", (char *) secret_key, key_len, error)) {
- g_prefix_error (error, "Can't write " NMSTATEDIR "/secret_key: ");
- key_len = 0;
- }
- umask (key_mask);
+ /* the secret-key is binary. Still, ensure that it's NULL terminated, just like
+ * g_file_set_contents() does. */
+ secret_key[32] = '\0';
+
+ if (!nm_utils_random_bytes (secret_key, key_len)) {
+ nm_log_warn (LOGD_CORE, "secret-key: failure to generate good random data for secret-key (use non-persistent key)");
+ success = FALSE;
+ goto out;
+ }
+
+ if (!nm_utils_file_set_contents (NMSTATEDIR "/secret_key", (char *) secret_key, key_len, 0077, &error)) {
+ nm_log_warn (LOGD_CORE, "secret-key: failure to persist secret key in \"%s\" (%s) (use non-persistent key)",
+ NMSTATEDIR "/secret_key", error->message);
+ success = FALSE;
+ goto out;
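Review bot: The fourth argument in the nm_utils_file_set_contents() call is 0077, but the prototype names that parameter mode_t mode, while the removed lines used the same constant as an umask() argument. Read as a permission mode, 0077 grants nothing to the owner and read/write/execute to group and other, which is the inverse of what umask (0077) expressed. Suggest passing 0600 so the secret key stays owner-only. Separately, secret_key[32] = '\0' hard-codes the index while the surrounding calls use key_len; tying the terminator to key_len would keep the two from drifting apart.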
0077 has been used as an umask before, but now it is passed as a file mode to nm_utils_file_set_contents():
gboolean nm_utils_file_set_contents (const char *filename,
const char *contents,
gssize length,
mode_t mode,
GError **error);
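
The difference between the two uses of 0077, as an added example that is not NetworkManager code: it creates a scratch file with open(2) and returns the permission bits the file ends up with. The process umask of 0022, the 0666 request standing in for the old code path, and the scratch path are assumptions; the page does not show how nm_utils_file_set_contents() applies its mode argument.

```c
/* Added example: how a requested mode and the umask combine at file creation. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a file with `requested` mode while `mask` is the process umask and
 * return the permission bits it ends up with, or (mode_t) -1 on error. */
static mode_t resulting_mode(mode_t requested, mode_t mask)
{
    char path[64];
    struct stat st;
    mode_t result = (mode_t) -1;
    mode_t old_mask;
    int fd;

    /* Constructed scratch path, not the real NMSTATEDIR. */
    snprintf(path, sizeof path, "/tmp/secret_key_demo.%ld", (long) getpid());

    old_mask = umask(mask);
    /* O_EXCL refuses an existing file or symlink at the scratch path. */
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, requested);
    umask(old_mask);                 /* always restore the caller's umask */

    if (fd < 0)
        return result;
    if (fstat(fd, &st) == 0)
        result = st.st_mode & 0777;  /* keep only the rwx bits */
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    /* 0077 as umask (removed lines); the 0666 request is an assumption. */
    printf("umask 0077, mode 0666 -> %04o\n", (unsigned) resulting_mode(0666, 0077));
    /* 0077 as mode (added lines); the 0022 umask is an assumption. */
    printf("umask 0022, mode 0077 -> %04o\n", (unsigned) resulting_mode(0077, 0022));
    /* Owner-only intent expressed as a mode. */
    printf("umask 0022, mode 0600 -> %04o\n", (unsigned) resulting_mode(0600, 0022));
    return 0;
}
```

Under these assumptions the second case yields 0055, the mode reported in the title, because the kernel computes `requested & ~umask` and 0077 carries no owner bits to begin with.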