The default configuration, /etc/wpa_supplicant/wpa_supplicant.conf, is world-readable, which seems to be a security threat. Reproducible: Always
wpa_supplicant is running as root, so only root needs to read that file. i can reproduce this on 0.6.8 (which is not yet in the tree :-)
same for net-wireless/wpa_supplicant-0.7.2-r3 this file contains keys and passwords. Needs fixing. Checking the ebuild something similar to this? + # fix rights in etc/asterisk before installing to /etc/asterisk + cd "${D}"; + for confile in etc/asterisk/*.*; do + fowners asterisk:asterisk $confile; + fperms 0660 $confile; + done;
Passwords are no longer stored in this file so this issue has been mitigated. The conf file is now used as a dbus configuration. Closing as noglsa due to age.