On Tuesday, July 16, 2019 12:21 PM, Jörg Thalheim <[email protected]> wrote:
> While /usr/bin/env is more or less available on all POSIX systems
> /bin/bash might not be. This is particularly the case on NixOS and the BSD
> family (/usr/local/bin/bash). Downstream packagers would often rewrite
> those shebangs back automatically as they can rely on absolute paths
> but having portable shebangs in the repository helps to run the code
> without any further modification.
>

The reason almost everyone hardcodes bash to /bin/bash is the potential environment attack where someone creates a malicious "bash" and exports it in PATH:
https://developer.apple.com/library/archive/documentation/OpenSource/Conceptual/ShellScripting/ShellScriptSecurity/ShellScriptSecurity.html

Obviously wg scripts are handling quite sensitive data like private keys...

Seriously, if you expect that downstream packagers would rewrite it back to /bin/bash, then why can't the others rewrite it to /usr/bin/env bash right now if this is something they want?

Jordan
_______________________________________________
WireGuard mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/wireguard
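An added audit sketch for the interpreter lookup discussed in this thread (not code from the WireGuard repository or from either poster): it classifies a script's shebang and lists the PATH entries searched before the interpreter is found that are relative or group/world-writable. The function names are hypothetical.

```shell
#!/bin/sh
# Added example. Function names are hypothetical. Because env resolves the
# interpreter before any script line runs, resetting PATH inside the script
# comes too late; the lookup has to be checked from outside.

# Print "env <name>" (found via PATH at run time), "abs <path>" (pinned), or "none".
shebang_kind() {
    IFS= read -r first < "$1" || [ -n "$first" ] || { echo none; return 0; }
    case $first in '#!'*) ;; *) echo none; return 0 ;; esac
    set -f; set -- ${first#'#!'}; set +f      # split the shebang into words
    case $1 in
        */env)
            shift                              # skip env options such as -S
            while [ $# -gt 0 ]; do case $1 in -*) shift ;; *) break ;; esac; done
            echo "env ${1:-?}" ;;
        /*) echo "abs $1" ;;
        *)  echo none ;;
    esac
}

# Walk PATH ($2) in lookup order up to the first entry that holds an executable
# $1, and print each entry on the way where another user could plant a file.
path_hijack_dirs() {
    interp=$1 rest=$2:
    while [ -n "$rest" ]; do
        dir=${rest%%:*}; rest=${rest#*:}
        case $dir in
            ''|[!/]*) echo "relative:${dir:-.}" ;;   # empty entry means cwd
            *)  perms=$(ls -ldL "$dir" 2>/dev/null) || continue
                case $perms in                       # group- or world-writable
                    d????w*|d???????w*) echo "writable:$dir" ;;
                esac ;;
        esac
        [ -x "${dir:-.}/$interp" ] && break
    done
    return 0
}

# Report one script against a PATH (default: current); returns 1 when risky.
audit_script() {
    file=$1 path=${2-$PATH}
    set -- $(shebang_kind "$file")
    [ "$1" = env ] || { echo "$file: ok ($*)"; return 0; }
    risky=$(path_hijack_dirs "$2" "$path")
    [ -z "$risky" ] && { echo "$file: env $2, PATH entries clean"; return 0; }
    echo "$file: env $2 is resolved through:" $risky
    return 1
}
```

A pinned `#!/bin/bash` always reports ok here; an `env` shebang is only as trustworthy as every PATH entry searched before the real interpreter.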
