diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-01-05 19:57:50 +0100 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-01-09 00:22:21 +0100 |
commit | 0b711689b39bc9f5bd17457ecc3ec5723f6f7f5c (patch) | |
tree | 04fac1a377cfdf228b89eaad21ddbd968a136061 /src/tools/wg-quick.bash | |
parent | tools: add installation note for distros (diff) | |
download | wireguard-monolithic-historical-0b711689b39bc9f5bd17457ecc3ec5723f6f7f5c.tar.xz wireguard-monolithic-historical-0b711689b39bc9f5bd17457ecc3ec5723f6f7f5c.zip |
tools: wg-quick: enforce good permissions
Diffstat (limited to '')
-rwxr-xr-x | src/tools/wg-quick.bash | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/tools/wg-quick.bash b/src/tools/wg-quick.bash index e686d73..c9157ad 100755 --- a/src/tools/wg-quick.bash +++ b/src/tools/wg-quick.bash @@ -27,6 +27,7 @@ parse_options() { [[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,16}$ ]] && CONFIG_FILE="/etc/wireguard/$CONFIG_FILE.conf" [[ -e $CONFIG_FILE ]] || die "\`$CONFIG_FILE' does not exist" [[ $CONFIG_FILE =~ /?([a-zA-Z0-9_=+.-]{1,16})\.conf$ ]] || die "The config file must be a valid interface name, followed by .conf" + ((($(stat -c '%#a' "$CONFIG_FILE") & 0007) == 0)) || echo "Warning: \`$CONFIG_FILE' is world accessible" >&2 INTERFACE="${BASH_REMATCH[1]}" shopt -s nocasematch while read -r line; do |