On 16/07/2019 18.32, Jordan Glover wrote: > On Tuesday, July 16, 2019 12:21 PM, Jörg Thalheim <jo...@higgsboson.tk> wrote: > >> While /usr/bin/env is more or less available on all POSIX systems >> /bin/bash might not be. This is particular the case on NixOS and the BSD >> family (/usr/local/bin/bash). Downstream packagers would often rewrite >> those shebangs back automatically as they can rely on absolute paths >> but having portable shebangs in the repository helps to run the code >> without any further modification. >> > The reason almost everyone hardcodes bash to /bin/bash is the potential > environment attack where someone create malicious "bash" and export it in > PATH: > > https://developer.apple.com/library/archive/documentation/OpenSource/Conceptual/ShellScripting/ShellScriptSecurity/ShellScriptSecurity.html > > Obviously wg scripts are handling quite sensitive data like private keys... > > Seriously if you except that downstream packagers would rewrite it back to > /bin/bash then why the others can't rewrite it to /usr/bin/env bash right > now if this is something they want? > > Jordan
This argument does not apply here since all commands internally could be redirected by a PATH change as well since the PATH is not set in the scripts. I am also not quite sure what threat model here is? The scripts changed here are not designed to run from a CGI context and are not hardened for that purpose. The idea is that you can run the scripts unmodified from the repository without having to alter the files, which is convenient for development w.r.t to git. _______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
