Wireguard-Go security

Wireguard-Go security

[Michael Lam]

Hi all,

Just a suggestion, I would really love to run Wireguard-go (in OpenBSD) 
with root privilege dropped. Any chance this get implemented?

I also tried to simply start wireguard-go on OpenBSD with a normal user.
However it won't start due to the fact that it is trying to set the
Tunnel MTU during startup with a tun1 device already created.

If that can be by-passed some-how (maybe fail-continue) then it may
also work. Obviously I also tried to ensure that the /dev/tun1 permission
is correct and the /var/run/wireguard directory permission is correct
before trying out.

Rgds,

Michael
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Wireguard-Go security

[Jason A. Donenfeld]

I'd like this too. Please feel free to submit patches.

We already have basic infrastructure for it: when you run without
arguments, it opens various things, and then starts a new process,
passing those things to it. The goal would be to run that second
process as non-root and with various sandboxing turned on. Check out
main.go.
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard