On Tuesday, July 16, 2019 10:08 PM, Jörg Thalheim <jo...@higgsboson.tk> wrote:
> On 16/07/2019 18.32, Jordan Glover wrote:
>
> > On Tuesday, July 16, 2019 12:21 PM, Jörg Thalheim jo...@higgsboson.tk wrote:
> >
> > > While /usr/bin/env is more or less available on all POSIX systems
> > > /bin/bash might not be. This is particularly the case on NixOS and the BSD
> > > family (/usr/local/bin/bash). Downstream packagers would often rewrite
> > > those shebangs back automatically as they can rely on absolute paths
> > > but having portable shebangs in the repository helps to run the code
> > > without any further modification.
> >
> > The reason almost everyone hardcodes bash to /bin/bash is the potential
> > environment attack where someone creates a malicious "bash" and exports it in
> > PATH:
> > https://developer.apple.com/library/archive/documentation/OpenSource/Conceptual/ShellScripting/ShellScriptSecurity/ShellScriptSecurity.html
> > Obviously wg scripts are handling quite sensitive data like private keys...
> > Seriously, if you expect that downstream packagers would rewrite it back to
> > /bin/bash then why can't the others rewrite it to /usr/bin/env bash right
> > now if this is something they want?
> > Jordan
>
> This argument does not apply here since all commands internally could
> be redirected by a PATH change as well since the PATH is not set in the
> scripts.

Yep, that's something to actually fix as you won't fix things by making it worse.

> I am also not quite sure what the threat model here is.
> The scripts changed here are not designed to run from a CGI context
> and are not hardened for that purpose.
> The idea is that you can run the scripts unmodified from the repository
> without having to alter the files, which is convenient for development
> w.r.t. git.

Then simply run "bash <script.sh>" and call it a day.

Jordan

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
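
The two points argued in this thread, as an added example that is not part of any message above or of the WireGuard scripts: `env bash` follows the caller's PATH, and an absolute interpreter does not protect the commands a script runs unless the script sets PATH itself. The temporary directory, the harmless decoy files (they only print a marker), the script names and `tainted_path` are all constructed for the demo.

```shell
#!/bin/sh
# Added example (constructed): the decoys are harmless and only print a marker.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
mkdir "$demo/decoy"
for name in bash uname; do
    printf '#!/bin/sh\necho "decoy-%s"\n' "$name" > "$demo/decoy/$name"
    chmod +x "$demo/decoy/$name"
done

# Script A: runs uname through whatever PATH it inherits.
cat > "$demo/unpinned.sh" <<'EOF'
uname
EOF

# Script B: pins PATH to system directories before any external command.
cat > "$demo/pinned.sh" <<'EOF'
PATH=/usr/bin:/bin
export PATH
uname
EOF

# Caller environment in which a user-writable directory precedes the system ones.
tainted_path="$demo/decoy:/usr/bin:/bin"

# What a "#!/usr/bin/env bash" shebang resolves: env searches the caller's PATH.
env_bash_result() { PATH="$tainted_path" /usr/bin/env bash -c 'echo real-bash'; }

# Absolute interpreter, but the command inside still follows the caller's PATH.
unpinned_result() { PATH="$tainted_path" /bin/sh "$demo/unpinned.sh"; }

# Absolute interpreter plus PATH set in the script: the decoy is never reached.
pinned_result() { PATH="$tainted_path" /bin/sh "$demo/pinned.sh"; }

echo "env bash      -> $(env_bash_result)"
echo "unpinned PATH -> $(unpinned_result)"
echo "pinned PATH   -> $(pinned_result)"
```

Only the third case prints the real `uname` output; the first two report the decoy, which is why fixing the shebang alone leaves the script's internal commands exposed to the same PATH.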