From: Matthias Urlichs <matthias@urlichs.de>
To: wireguard@lists.zx2c4.com
Subject: Re: PostUp/PreUp/PostDown/PreDown Dangerous?
Date: Fri, 22 Jun 2018 06:01:38 +0200 [thread overview]
Message-ID: <ec7cad9e-c89c-fdad-0059-9cafef495233@urlichs.de> (raw)
In-Reply-To: <CAHmME9p6wS7BfWaa-0yHY-+T=ujqWVu_akkc1=XFO_rGAerY7A@mail.gmail.com>
On 22.06.2018 03:41, Jason A. Donenfeld wrote:
> So, the question we need to ask is whether this problem is important
> enough that these useful features should be _removed_? Or if there's a
> way to make them safer? Or if it just doesn't matter that much and we
> shouldn't do anything.
User is able to shoot themselves in the foot. Film at 11.
Seriously. If you accept untrusted "secure" network configuration
scripts from anybody without checking them, you deserve to lose. Also,
OpenVPN config is somewhat more arcane+verbose than wireguard's, thus
it's much harder to hide random script calls from even cursory glances
in a wg config file.
If we want to, we could emit a big fat warning and/or ask the user to
confirm whenever their wg-quick script is newer than
/etc/wireguard/.{NAME].warned (or we could copy the contents of the
up/down script options to that file and warn when they've changed).
That being said, tools like systemd-networkd or NetworkManager do a good
job of making that option (and thus wg-quick itself) unnecessary
altogether, so I consider that to be a mostly-non-problem.
--
-- Matthias Urlichs
next prev parent reply other threads:[~2018-06-22 3:57 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-22 1:34 PostUp/PreUp/PostDown/PreDown Dangerous? Jason A. Donenfeld
2018-06-22 1:35 ` Jason A. Donenfeld
2018-06-22 1:41 ` Jason A. Donenfeld
2018-06-22 1:55 ` logcabin
2018-06-22 1:56 ` Antonio Quartulli
2018-06-22 10:46 ` Jordan Glover
2018-06-22 10:53 ` Antonio Quartulli
2018-06-22 13:08 ` Jacob Baines
2018-06-22 14:47 ` Andy Dorman
2018-06-22 15:14 ` Matthias Urlichs
2018-06-22 17:11 ` Jason A. Donenfeld
2018-06-22 4:01 ` Matthias Urlichs [this message]
2018-06-22 5:44 ` Reto Brunner
2018-06-22 14:07 ` Andy Dorman
2018-06-23 19:16 ` Reto Brunner
2018-06-22 19:26 ` Lonnie Abelbeck
2018-06-22 22:13 ` Jordan Glover
2018-06-23 2:36 ` Antonio Quartulli
2018-06-23 7:02 ` Dario Bosch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ec7cad9e-c89c-fdad-0059-9cafef495233@urlichs.de \
--to=matthias@urlichs.de \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).