wg-quick: stat the correct enclosing folder of config file

author Jason A. Donenfeld <Jason@zx2c4.com>

Wed, 8 Nov 2017 09:40:07 +0000 (18:40 +0900)

committer Jason A. Donenfeld <Jason@zx2c4.com>

Fri, 10 Nov 2017 07:20:09 +0000 (16:20 +0900)
author Jason A. Donenfeld <Jason@zx2c4.com>
Wed, 8 Nov 2017 09:40:07 +0000 (18:40 +0900)
committer Jason A. Donenfeld <Jason@zx2c4.com>
Fri, 10 Nov 2017 07:20:09 +0000 (16:20 +0900)
diff --git a/src/wg-quick.bash b/src/wg-quick.bash

index 88e671fda11a4b2f50009aa584602d1467e517b0..f69061ac9c6ddca29667b0637b5e4df09d594550 100755 (executable)
--- a/src/wg-quick.bash
+++ b/src/wg-quick.bash
@@ -30,7 +30,8 @@ parse_options() {
         [[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,16}$ ]] && CONFIG_FILE="/etc/wireguard/$CONFIG_FILE.conf"
         [[ -e $CONFIG_FILE ]] || die "\`$CONFIG_FILE' does not exist"
         [[ $CONFIG_FILE =~ /?([a-zA-Z0-9_=+.-]{1,16})\.conf$ ]] || die "The config file must be a valid interface name, followed by .conf"
-       ((($(stat -c '0%#a' "$CONFIG_FILE") & $(stat -c '0%#a' "/etc/wireguard") & 0007) == 0)) || echo "Warning: \`$CONFIG_FILE' is world accessible" >&2
+       CONFIG_FILE="$(readlink -f "$CONFIG_FILE")"
+       ((($(stat -c '0%#a' "$CONFIG_FILE") & $(stat -c '0%#a' "${CONFIG_FILE%/*}") & 0007) == 0)) || echo "Warning: \`$CONFIG_FILE' is world accessible" >&2
         INTERFACE="${BASH_REMATCH[1]}"
         shopt -s nocasematch
         while read -r line || [[ -n $line ]]; do
author	Jason A. Donenfeld <Jason@zx2c4.com>
	Wed, 8 Nov 2017 09:40:07 +0000 (18:40 +0900)
committer	Jason A. Donenfeld <Jason@zx2c4.com>
	Fri, 10 Nov 2017 07:20:09 +0000 (16:20 +0900)