diff options
author | nicoo <nicoo@mur.at> | 2023-11-15 15:48:56 +0000 |
---|---|---|
committer | nicoo <nicoo@mur.at> | 2023-12-09 21:33:55 +0000 |
commit | a351c9b530bd7bd385c4f0e89606e09f46f50829 (patch) | |
tree | e2936275ab7bf2b2320804dedb66a4c1ea9fe7d1 /nixos/doc/manual/release-notes/rl-2311.section.md | |
parent | 6ac78f1174be76d961c393d0d1b61967243cf010 (diff) |
nixos/wpa_supplicant: Ensure the generated config isn't world-readable
Otherwise, `environmentFile` cannot be used to pass secrets in.
Diffstat (limited to 'nixos/doc/manual/release-notes/rl-2311.section.md')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2311.section.md | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md index 5c6bdf97d1203..1aef1828908f8 100644 --- a/nixos/doc/manual/release-notes/rl-2311.section.md +++ b/nixos/doc/manual/release-notes/rl-2311.section.md @@ -1313,6 +1313,14 @@ Make sure to also check the many updates in the [Nixpkgs library](#sec-release-2 - When using [split parity files](https://www.snapraid.it/manual#7.1) in `snapraid`, the snapraid-sync systemd service will no longer fail to run. +- `wpa_supplicant`'s configuration file cannot be read by non-root users, and + secrets (such as Pre-Shared Keys) can safely be passed via + `networking.wireless.environmentFile`. + + The configuration file could previously be read, when `userControlled.enable` (non-default), + by users who are in both `wheel` and `userControlled.group` (defaults to `wheel`) + + ## Nixpkgs Library {#sec-release-23.11-nixpkgs-lib} ### Breaking Changes {#sec-release-23.11-lib-breaking} |