From: Jordan Glover <Golden_Miller83@protonmail.ch>
To: Antonio Quartulli <a@unstable.cc>
Cc: "baines.jacob@gmail.com" <baines.jacob@gmail.com>,
WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: PostUp/PreUp/PostDown/PreDown Dangerous?
Date: Fri, 22 Jun 2018 06:46:48 -0400 [thread overview]
Message-ID: <CgE9_flxwDk6vYs9xSAoTvLJp5qHdNF20xieK4syAMzldOBqEq5lZ3gZN77A7ambiqtFeuBfm-jXarYLMvcY4LAn1aC9ub1su871JPhDpUo=@protonmail.ch> (raw)
In-Reply-To: <a7989c95-0047-dfe9-e870-59db44fbb463@unstable.cc>
On June 22, 2018 3:56 AM, Antonio Quartulli <a@unstable.cc> wrote:
>=20
> In case this might be useful: in OpenVPN there is an additional
>=20
> parameter called "--script-security" that requires to be set to a
>=20
> certain level before allowing configured scripts to be executed.
>=20
> Unfortunately there is no real protection against the clueless user, who
>=20
> can and will blindly enable that setting if asked by a $random VPN provid=
er.
>=20
> However, I still believe (and hope) that forcing the user to enable a
>=20
> specific knob may raise the level of attention.
>=20
> Maybe something similar could be added as a command line parameter to
>=20
> wg/wg-quick so that it will execute the various
>=20
> PostUp/PreUp/PostDown/PreDown only if allowed to?
>=20
> Just as a side note: this is not a VPN specific problem, this is
>=20
> something users can end up with everytime they execute some binary with
>=20
> a configuration they have not inspected. So, be careful out there ;-)
>=20
> Cheers,
>=20
Attacker can pass appropriate "--script-security" level with the very same =
config
containing malicious commands so this isn't solving problem of not looking =
at
the content of config files. I think blindly using untrusted files from the=
web is
indefensible. Sure, we could throw away this functionality completely but =
then
we will punish people who bother to look at the configs before using them a=
nd
make their life little harder while the others will still find their footgu=
n somewhere
else as this is rather generic issue not limited to wireguard or even netwo=
rking.
Jordan
next prev parent reply other threads:[~2018-06-22 10:41 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-22 1:34 PostUp/PreUp/PostDown/PreDown Dangerous? Jason A. Donenfeld
2018-06-22 1:35 ` Jason A. Donenfeld
2018-06-22 1:41 ` Jason A. Donenfeld
2018-06-22 1:55 ` logcabin
2018-06-22 1:56 ` Antonio Quartulli
2018-06-22 10:46 ` Jordan Glover [this message]
2018-06-22 10:53 ` Antonio Quartulli
2018-06-22 13:08 ` Jacob Baines
2018-06-22 14:47 ` Andy Dorman
2018-06-22 15:14 ` Matthias Urlichs
2018-06-22 17:11 ` Jason A. Donenfeld
2018-06-22 4:01 ` Matthias Urlichs
2018-06-22 5:44 ` Reto Brunner
2018-06-22 14:07 ` Andy Dorman
2018-06-23 19:16 ` Reto Brunner
2018-06-22 19:26 ` Lonnie Abelbeck
2018-06-22 22:13 ` Jordan Glover
2018-06-23 2:36 ` Antonio Quartulli
2018-06-23 7:02 ` Dario Bosch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CgE9_flxwDk6vYs9xSAoTvLJp5qHdNF20xieK4syAMzldOBqEq5lZ3gZN77A7ambiqtFeuBfm-jXarYLMvcY4LAn1aC9ub1su871JPhDpUo=@protonmail.ch' \
--to=golden_miller83@protonmail.ch \
--cc=a@unstable.cc \
--cc=baines.jacob@gmail.com \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).