From: Reto Brunner <brunnre8@gmail.com>
To: wireguard@lists.zx2c4.com
Subject: Re: PostUp/PreUp/PostDown/PreDown Dangerous?
Date: Fri, 22 Jun 2018 07:44:13 +0200 [thread overview]
Message-ID: <20180622054413.54azzixsunbxdu35@ghostArch.localdomain> (raw)
In-Reply-To: <CAHmME9p6wS7BfWaa-0yHY-+T=ujqWVu_akkc1=XFO_rGAerY7A@mail.gmail.com>
On Fri, Jun 22, 2018 at 03:41:03AM +0200, Jason A. Donenfeld wrote:
> The same thing applies to wg-quick(8) with
> PostUp/PostDown/PreUp/PreDown. The question is how seriously we should
> take the problem presented by this blog post. Namely, you can't trust
> configuration files given to you by outside parties. Maybe you
> shouldn't reconfigure your network without inspecting what those
> reconfigurations are first. However, one could argue that code
> execution is a bit beyond networking config.
You should never run *any* config from the internet without inspecting
it...
Even if it isn't a reverse shell directly, you can still for example end
up with questionable cipher suit choices in say openvpn or openssh if
you just blindly do that.
So please don't remove the hooks. They are very useful for many reasons
and adding an additional knob will not make it any more secure.
As others already said those users anyhow just run random commands from
$blog (heck they even copy / paste fork bombs and stuff like `rm -rf /*`)
In my view the whole point of wg-quick is that it can do things like the
post-up hook, to enter things like firewall rules etc.
Kind regards,
Reto
next prev parent reply other threads:[~2018-06-22 5:39 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-22 1:34 PostUp/PreUp/PostDown/PreDown Dangerous? Jason A. Donenfeld
2018-06-22 1:35 ` Jason A. Donenfeld
2018-06-22 1:41 ` Jason A. Donenfeld
2018-06-22 1:55 ` logcabin
2018-06-22 1:56 ` Antonio Quartulli
2018-06-22 10:46 ` Jordan Glover
2018-06-22 10:53 ` Antonio Quartulli
2018-06-22 13:08 ` Jacob Baines
2018-06-22 14:47 ` Andy Dorman
2018-06-22 15:14 ` Matthias Urlichs
2018-06-22 17:11 ` Jason A. Donenfeld
2018-06-22 4:01 ` Matthias Urlichs
2018-06-22 5:44 ` Reto Brunner [this message]
2018-06-22 14:07 ` Andy Dorman
2018-06-23 19:16 ` Reto Brunner
2018-06-22 19:26 ` Lonnie Abelbeck
2018-06-22 22:13 ` Jordan Glover
2018-06-23 2:36 ` Antonio Quartulli
2018-06-23 7:02 ` Dario Bosch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180622054413.54azzixsunbxdu35@ghostArch.localdomain \
--to=brunnre8@gmail.com \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).