wg-quick: stat the correct enclosing folder of config file

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2017-11-08 18:40:07 +0900
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2017-11-10 16:20:09 +0900
commit: d8ad40da252c4216ad750736081003ad9f417536 (patch)
tree: 1268badca6e2fa4002b40c960a30805a5ecfa884 /src/wg-quick.bash
parent: wg-quick: save all hooks on save (diff)
download: wireguard-tools-d8ad40da252c4216ad750736081003ad9f417536.tar.xz
wireguard-tools-d8ad40da252c4216ad750736081003ad9f417536.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/wg-quick.bash b/src/wg-quick.bash
index 88e671f..f69061a 100755
--- a/src/wg-quick.bash
+++ b/src/wg-quick.bash
@@ -30,7 +30,8 @@ parse_options() {
 	[[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,16}$ ]] && CONFIG_FILE="/etc/wireguard/$CONFIG_FILE.conf"
 	[[ -e $CONFIG_FILE ]] || die "\`$CONFIG_FILE' does not exist"
 	[[ $CONFIG_FILE =~ /?([a-zA-Z0-9_=+.-]{1,16})\.conf$ ]] || die "The config file must be a valid interface name, followed by .conf"
-	((($(stat -c '0%#a' "$CONFIG_FILE") & $(stat -c '0%#a' "/etc/wireguard") & 0007) == 0)) || echo "Warning: \`$CONFIG_FILE' is world accessible" >&2
+	CONFIG_FILE="$(readlink -f "$CONFIG_FILE")"
+	((($(stat -c '0%#a' "$CONFIG_FILE") & $(stat -c '0%#a' "${CONFIG_FILE%/*}") & 0007) == 0)) || echo "Warning: \`$CONFIG_FILE' is world accessible" >&2
 	INTERFACE="${BASH_REMATCH[1]}"
 	shopt -s nocasematch
 	while read -r line || [[ -n $line ]]; do
author	Jason A. Donenfeld <Jason@zx2c4.com>	2017-11-08 18:40:07 +0900
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2017-11-10 16:20:09 +0900
commit	d8ad40da252c4216ad750736081003ad9f417536 (patch)
tree	1268badca6e2fa4002b40c960a30805a5ecfa884 /src/wg-quick.bash
parent	wg-quick: save all hooks on save (diff)
download	wireguard-tools-d8ad40da252c4216ad750736081003ad9f417536.tar.xz wireguard-tools-d8ad40da252c4216ad750736081003ad9f417536.zip