On Wed, Oct 16, 2024 at 04:35:10PM +0200, Olaf Hering wrote:
> Align permissions of the resulting .nmconnection file, instead of
> the input file from hv_kvp_daemon. To avoid the tiny time frame
> where the output file is world-readable, use umask instead of chmod.
>
> Fixes: 42999c90 ("Support for keyfile based connection profile")
>
> Signed-off-by: Olaf Hering <olaf@xxxxxxxxx>
> ---
> tools/hv/hv_set_ifconfig.sh | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/hv/hv_set_ifconfig.sh b/tools/hv/hv_set_ifconfig.sh
> index 440a91b35823..2f8baed2b8f7 100755
> --- a/tools/hv/hv_set_ifconfig.sh
> +++ b/tools/hv/hv_set_ifconfig.sh
> @@ -81,7 +81,7 @@ echo "ONBOOT=yes" >> $1
>
> cp $1 /etc/sysconfig/network-scripts/
>
> -chmod 600 $2
> +umask 0177
> interface=$(echo $2 | awk -F - '{ print $2 }')
> filename="${2##*/}"
>
Thanks Olaf, the changes look good to me.
Reviewed-by: Shradha Gupta <shradhagupta@xxxxxxxxxxxxxxxxxxx>
