From: Antonio Quartulli <a@unstable.cc>
To: Jordan Glover <Golden_Miller83@protonmail.ch>,
	Lonnie Abelbeck <lists@lonnie.abelbeck.com>
Cc: "baines.jacob@gmail.com" <baines.jacob@gmail.com>,
	WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: PostUp/PreUp/PostDown/PreDown Dangerous?
Date: Sat, 23 Jun 2018 10:36:31 +0800	[thread overview]
Message-ID: <654faeee-748b-77e6-2b26-a5216800b6d0@unstable.cc> (raw)
In-Reply-To: <WPqGtU0DfSVI-hq2mee5j7VBN3_KVfJjWsf1-2MDe_1z2uIk7dBWnHF733CM6d9dF1dlhC-bEMy7naNqyAOtKnRZnYYoj5B4TZffzAJF6bA=@protonmail.ch>



Hi,

On 23/06/18 06:13, Jordan Glover wrote:
[cut]
> 
> But an attacker will helpfully provide you a customized 'wireguard.script' as well
> and even tell you how to use it by setting 'chmod 4777 wireguard.script'.
> 

An attacker will also tell you to run "rm -Rf /" :-P


Jokes apart, I was talking to Jason on IRC and I suggested an idea that
might be worth sharing.

A network device driver in the kernel is free to send events to
userspace with any custom set of properties/values.

Most of you have already seen and played with those typically thrown
when an interface goes up and down, with udev normally handling them by
executing some (user-)configured action.

These events can be easily created and customized by any kernel module
and associated to a network interface.
WireGuard could generate preup/postup/etc. uevents and send them to
userspace.

It will then be up to udev to decide how to handle those.
Specific scripts could be installed by the admin, or udev could come
with its own default ones.

In any case, this would delegate the execution of scripts to a component
that is in charge of doing exactly that.

This would remove the risk of sneaking malicious things into the
configuration file, which is what people do not expect and is the core
of the issue discussed here.

(Yeah, I already hear people saying "but the malicious attacker will
tell the clueless user to install this script in udev", but I think that
by then, the problem has moved to another plane)

My experience with this mechanism comes from batman-adv[1], where it
used to report special routing events to the user so that he could react
accordingly (if desired).


Just my 2 cents.


Cheers,

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/batman-adv/sysfs.c#n1209

-- 
Antonio Quartulli
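To make the delegation idea above concrete, here is an added example of what the udev side could look like; it is not code from this message, from WireGuard or from batman-adv. It assumes a hypothetical kernel-emitted uevent property WG_HOOK (values preup/postup/predown/postdown), a handler installed at an assumed path /usr/local/lib/wireguard/wg-uevent-handler.sh, and an assumed admin-owned hook layout /etc/wireguard/hooks/<iface>/<hook>.d/. The point it demonstrates is the one in the mail: the scripts that run are the ones the admin installed on the filesystem, never strings read out of the tunnel configuration, and the handler rejects anything that is not a known hook name, a sane interface name, or a non-world-writable file. INTERFACE is the standard property the kernel sets on net uevents; WG_HOOK is the assumption.

```shell
#!/bin/sh
# Hypothetical udev RUN handler for kernel-emitted WireGuard hook events.
# Assumed rule, e.g. /etc/udev/rules.d/90-wireguard-hooks.rules (example, not shipped anywhere):
#   SUBSYSTEM=="net", ENV{INTERFACE}=="?*", ENV{WG_HOOK}=="?*", \
#     RUN+="/usr/local/lib/wireguard/wg-uevent-handler.sh"
# WG_HOOK is an assumed property name; no kernel side for it exists.

# Only the four hook names the thread discusses are accepted; anything else is refused
# so that an unexpected property value can never select an arbitrary directory.
is_valid_hook() {
    case "$1" in
        preup|postup|predown|postdown) return 0 ;;
        *) return 1 ;;
    esac
}

# run_hooks IFACE HOOK [HOOKROOT]
# Runs every executable, non-world-writable file in HOOKROOT/IFACE/HOOK.d in sorted order,
# exporting WG_INTERFACE and WG_HOOK to it. Prints the number of scripts run on stdout.
# Exit status: 0 on success, 1 if a hook script failed, 2 on a rejected argument.
run_hooks() {
    iface=$1
    hook=$2
    hookroot=${3:-/etc/wireguard/hooks}

    is_valid_hook "$hook" || { echo "rejected hook name '$hook'" >&2; return 2; }
    # Interface names come from the kernel, but refuse anything that could escape HOOKROOT.
    case "$iface" in
        ''|*/*|.*) echo "rejected interface name '$iface'" >&2; return 2 ;;
    esac

    dir="$hookroot/$iface/$hook.d"
    # No hook directory simply means the admin configured nothing for this event.
    [ -d "$dir" ] || { echo 0; return 0; }

    count=0
    for f in "$dir"/*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        # Skip world-writable scripts: only files the admin controls may run here.
        if find "$f" -prune -perm -002 | grep -q .; then
            echo "skipping world-writable hook '$f'" >&2
            continue
        fi
        WG_INTERFACE="$iface" WG_HOOK="$hook" "$f" || return 1
        count=$((count + 1))
    done
    echo "$count"
}

# Dispatch only when invoked by udev with both properties present; when the file is
# sourced for testing, nothing runs.
if [ -n "${INTERFACE:-}" ] && [ -n "${WG_HOOK:-}" ]; then
    run_hooks "$INTERFACE" "$WG_HOOK" >/dev/null
fi
```

The hook scripts themselves would carry whatever an admin puts in PostUp today (routes, firewall rules), but they live under a root-owned directory with ordinary file permissions, so a configuration file handed to a user cannot add or change them; the handler above is deliberately strict about names and permissions so that the only thing a uevent can choose is which admin-installed directory gets run.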



Thread overview: 19+ messages
2018-06-22  1:34 PostUp/PreUp/PostDown/PreDown Dangerous? Jason A. Donenfeld
2018-06-22  1:35 ` Jason A. Donenfeld
2018-06-22  1:41   ` Jason A. Donenfeld
2018-06-22  1:55     ` logcabin
2018-06-22  1:56     ` Antonio Quartulli
2018-06-22 10:46       ` Jordan Glover
2018-06-22 10:53         ` Antonio Quartulli
2018-06-22 13:08           ` Jacob Baines
2018-06-22 14:47             ` Andy Dorman
2018-06-22 15:14             ` Matthias Urlichs
2018-06-22 17:11             ` Jason A. Donenfeld
2018-06-22  4:01     ` Matthias Urlichs
2018-06-22  5:44     ` Reto Brunner
2018-06-22 14:07     ` Andy Dorman
2018-06-23 19:16       ` Reto Brunner
2018-06-22 19:26     ` Lonnie Abelbeck
2018-06-22 22:13       ` Jordan Glover
2018-06-23  2:36         ` Antonio Quartulli [this message]
2018-06-23  7:02           ` Dario Bosch
