diff options
| author |   Jason A. Donenfeld <Jason@zx2c4.com> | 2017-10-01 22:05:19 +0200 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-10-02 02:45:53 +0200 |
| commit | adabefffec98703826529a769c386f1a9cf4f5ae (patch) | |
| tree | 10f8d6e89aa3bf8c422015db20740f64eb8f2c8c /src/tools/wg-quick.bash | |
| parent | wg-quick: verify wireguard interface in more clever way (diff) | |
| download | wireguard-monolithic-historical-adabefffec98703826529a769c386f1a9cf4f5ae.tar.xz wireguard-monolithic-historical-adabefffec98703826529a769c386f1a9cf4f5ae.zip | |
wg-quick: check permissions of parent directory
Also prefix octal 0, in case these files are actually of modes that
don't start with 0 by accident (such as SUID or sticky bit).
Diffstat (limited to 'src/tools/wg-quick.bash')
| -rwxr-xr-x | src/tools/wg-quick.bash | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/tools/wg-quick.bash b/src/tools/wg-quick.bash index 5295c8b..015df85 100755 --- a/src/tools/wg-quick.bash +++ b/src/tools/wg-quick.bash @@ -30,7 +30,7 @@ parse_options() { [[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,16}$ ]] && CONFIG_FILE="/etc/wireguard/$CONFIG_FILE.conf" [[ -e $CONFIG_FILE ]] || die "\`$CONFIG_FILE' does not exist" [[ $CONFIG_FILE =~ /?([a-zA-Z0-9_=+.-]{1,16})\.conf$ ]] || die "The config file must be a valid interface name, followed by .conf" - ((($(stat -c '%#a' "$CONFIG_FILE") & 0007) == 0)) || echo "Warning: \`$CONFIG_FILE' is world accessible" >&2 + ((($(stat -c '0%#a' "$CONFIG_FILE") & $(stat -c '0%#a' "/etc/wireguard") & 0007) == 0)) || echo "Warning: \`$CONFIG_FILE' is world accessible" >&2 INTERFACE="${BASH_REMATCH[1]}" shopt -s nocasematch while read -r line || [[ -n $line ]]; do |