[GH-ISSUE #104] [security] Does the private key need 0644 #802

New Issue

Closed

opened 2026-04-19 14:17:09 -05:00 by GiteaMirror · 2 comments

GiteaMirror commented 2026-04-19 14:17:09 -05:00

Owner

Copy Link

Originally created by @LaurenceJJones on GitHub (Aug 11, 2025).
Original GitHub issue: https://github.com/fosrl/newt/issues/104

Originally assigned to: @oschwartz10612 on GitHub.

151d0e38e6/wg/wg.go (L173)

151d0e38e6/wgnetstack/wgnetstack.go (L199)

As the title states 0644 open read access to public/guest which a secret key should primarily be 0600 so only the user or 0640 for user/group has read access. I dont see why a external none defined user should have read access to the private key file unless newt drops permissions to a lower user.

Originally created by @LaurenceJJones on GitHub (Aug 11, 2025). Original GitHub issue: https://github.com/fosrl/newt/issues/104 Originally assigned to: @oschwartz10612 on GitHub. https://github.com/fosrl/newt/blob/151d0e38e6b6f63335d9a1023bb8d2da2d3bccb0/wg/wg.go#L173 https://github.com/fosrl/newt/blob/151d0e38e6b6f63335d9a1023bb8d2da2d3bccb0/wgnetstack/wgnetstack.go#L199 As the title states 0644 open read access to public/guest which a secret key should primarily be 0600 so only the user or 0640 for user/group has read access. I dont see why a external none defined user should have read access to the private key file unless newt drops permissions to a lower user.

GiteaMirror closed this issue 2026-04-19 14:17:11 -05:00

GiteaMirror commented 2026-04-19 14:17:13 -05:00

Author

Owner

Copy Link

@oschwartz10612 commented on GitHub (Aug 11, 2025):

Good point I think you are right we should make it 0600 as is customary! I dont see a reason not to right now. Docker might get funny but it should always be the same user inside of docker.

<!-- gh-comment-id:3175314053 --> @oschwartz10612 commented on GitHub (Aug 11, 2025): Good point I think you are right we should make it 0600 as is customary! I dont see a reason not to right now. Docker might get funny but it should always be the same user inside of docker.

GiteaMirror commented 2026-04-19 14:17:14 -05:00

Author

Owner

Copy Link

@LaurenceJJones commented on GitHub (Aug 11, 2025):

Note you may want to also check gerbil as I think it has the same 0644 writes.

Also thanks for quick response! ❤️

<!-- gh-comment-id:3175398791 --> @LaurenceJJones commented on GitHub (Aug 11, 2025): Note you may want to also check gerbil as I think it has the same `0644` writes. Also thanks for quick response! ❤️

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dependabot/go_modules/prod-patch-updates-6805a9e229

dependabot/go_modules/golang.zx2c4.com/wireguard/windows-1.0.1

dependabot/docker/minor-updates-1134f52710

dev

fix-nix

dependabot/github_actions/actions/setup-go-6.4.0

dependabot/github_actions/docker/build-push-action-7.1.0

dependabot/github_actions/aws-actions/configure-aws-credentials-6.1.0

dependabot/github_actions/softprops/action-gh-release-3.0.0

logging-provision

1.12.3

1.12.2

v1.12.2

1.12.1

v1.12.1

1.12.0

v1.12.0

v1.12.0-rc.1

1.12.0-rc.0

1.11.0

v1.11.0

1.10.4

1.10.3

v1.10.3

1.10.2

v1.10.2

1.10.1

v1.10.1

1.10.0

v1.10.0

1.9.5

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

v1.9.0

1.8.1

v1.8.1

v1.8.0

1.8.0

1.8.0-rc.0

1.7.0

1.6.1

1.7.0-rc.0

1.6.0

v1.0.1

1.4.9

1.5.2

1.5.1

1.5.0

1.4.4

1.4.3

1.4.2

1.4.1

1.4.0

1.3.4

1.3.3

1.3.2

1.3.1

1.3.0

1.2.1

1.2.0

1.1.3

1.1.2

1.1.1

1.1.0

1.0.0

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

bug

dependencies

enhancement

good first issue

help wanted

Improvement

needs investigating

pull-request

Mirrored from GitHub Pull Request

stale

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/newt#802