From d8ad40da252c4216ad750736081003ad9f417536 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 8 Nov 2017 18:40:07 +0900 Subject: [PATCH] wg-quick: stat the correct enclosing folder of config file Signed-off-by: Jason A. Donenfeld --- src/wg-quick.bash | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/wg-quick.bash b/src/wg-quick.bash index 88e671f..f69061a 100755 --- a/src/wg-quick.bash +++ b/src/wg-quick.bash @@ -30,7 +30,8 @@ parse_options() { [[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,16}$ ]] && CONFIG_FILE="/etc/wireguard/$CONFIG_FILE.conf" [[ -e $CONFIG_FILE ]] || die "\`$CONFIG_FILE' does not exist" [[ $CONFIG_FILE =~ /?([a-zA-Z0-9_=+.-]{1,16})\.conf$ ]] || die "The config file must be a valid interface name, followed by .conf" - ((($(stat -c '0%#a' "$CONFIG_FILE") & $(stat -c '0%#a' "/etc/wireguard") & 0007) == 0)) || echo "Warning: \`$CONFIG_FILE' is world accessible" >&2 + CONFIG_FILE="$(readlink -f "$CONFIG_FILE")" + ((($(stat -c '0%#a' "$CONFIG_FILE") & $(stat -c '0%#a' "${CONFIG_FILE%/*}") & 0007) == 0)) || echo "Warning: \`$CONFIG_FILE' is world accessible" >&2 INTERFACE="${BASH_REMATCH[1]}" shopt -s nocasematch while read -r line || [[ -n $line ]]; do