reinitialized.net/infrastructure
2
0
Fork 0
Code Issues 37 Pull requests Projects Releases Packages Wiki Activity Actions

[LOW] Mesh network status script world-readable with topology info #29

New issue
Open
opened 2026-05-05 15:45:01 -05:00 by pjennings · 0 comments
pjennings commented 2026-05-05 15:45:01 -05:00
Owner
Copy link

Labels: area:security, area:network, priority:low, type:enhancement

Description

In modules/profiles/meshNetwork/default.nix, the mesh status script at /etc/meshNetwork/status.sh has mode 0555 (world-readable/executable). It reveals all mesh IPs, node IDs, and peer connectivity status.

Impact

Information disclosure of internal network topology to any local user.

Recommended Fix

Change permissions to 0750, restrict to wheel group.

**Labels:** area:security, area:network, priority:low, type:enhancement ## Description In modules/profiles/meshNetwork/default.nix, the mesh status script at /etc/meshNetwork/status.sh has mode 0555 (world-readable/executable). It reveals all mesh IPs, node IDs, and peer connectivity status. ## Impact Information disclosure of internal network topology to any local user. ## Recommended Fix Change permissions to 0750, restrict to wheel group.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
indev
No results found.
Labels
Clear labels   
area:documentation

Documentation, inventory, runbooks

  
area:infrastructure

Infrastructure services and hardware

  
area:network

Network, firewall, and connectivity

  
area:security

Security vulnerabilities and findings

  
priority:critical

Fix immediately — active risk

  
priority:high

Fix within 1-2 weeks

  
priority:low

Backlog — hardening and best practices

  
priority:medium

Fix within 1 month

  
status:blocked

Blocked on dependency or decision

  
type:bug

Misconfiguration or broken behavior

  
type:deployment

New service or system deployment

  
type:enhancement

Improvement or hardening

  
type:investigation

Needs research or identification

No labels
area:documentation
area:infrastructure
area:network
area:security
priority:critical
priority:high
priority:low
priority:medium
status:blocked
type:bug
type:deployment
type:enhancement
type:investigation
Milestone
Clear milestone
No items
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
reinitialized.net/infrastructure#29
No description provided.