On 22/06/18 18:46, Jordan Glover wrote:
> On June 22, 2018 3:56 AM, Antonio Quartulli <a@unstable.cc> wrote:
>>
>> In case this might be useful: in OpenVPN there is an additional
>>
>> parameter called "--script-security" that requires to be set to a
>>
>> certain level before allowing configured scripts to be executed.
>>
>> Unfortunately there is no real protection against the clueless user, who
>>
>> can and will blindly enable that setting if asked by a $random VPN provider.
>>
>> However, I still believe (and hope) that forcing the user to enable a
>>
>> specific knob may raise the level of attention.
>>
>> Maybe something similar could be added as a command line parameter to
>>
>> wg/wg-quick so that it will execute the various
>>
>> PostUp/PreUp/PostDown/PreDown only if allowed to?
>>
>> Just as a side note: this is not a VPN specific problem, this is
>>
>> something users can end up with everytime they execute some binary with
>>
>> a configuration they have not inspected. So, be careful out there ;-)
>>
>> Cheers,
>>
> 
> Attacker can pass appropriate "--script-security" level with the very same config
> containing malicious commands so this isn't solving problem of not looking at
> the content of config files. 

that's why I suggested to implement it as a command line knob for
wg/wg-quick.

But I totally agree with you that against this kind of issues there is
not really a lot the developer can do - each of us is free to shoot
himself in the foot.

Regards,

-- 
Antonio Quartulli