From: Jordan Glover <Golden_Miller83@protonmail.ch>
To: "Jörg Thalheim" <joerg@higgsboson.tk>
Cc: "wireguard@lists.zx2c4.com" <wireguard@lists.zx2c4.com>
Subject: Re: [PATCH] treewide: more portable bash shebangs
Date: Wed, 17 Jul 2019 17:32:45 +0000 [thread overview]
Message-ID: <EELepAK6aanjfQM-_vvGuS0aAwISwGlhv5Gq2DPFexSRvZ7mFpTMbe4-hNPhtBxkRVmSJPHpojmb6KeRgRIv9sbEwajUSwnfYVkawwMc9DU=@protonmail.ch> (raw)
In-Reply-To: <c58e3e33-bf95-1154-bfe2-7b87e4e730c7@higgsboson.tk>
On Tuesday, July 16, 2019 10:08 PM, Jörg Thalheim <joerg@higgsboson.tk> wrote:
> On 16/07/2019 18.32, Jordan Glover wrote:
>
> > On Tuesday, July 16, 2019 12:21 PM, Jörg Thalheim joerg@higgsboson.tk wrote:
> >
> > > While /usr/bin/env is more or less available on all POSIX systems
> > > /bin/bash might not be. This is particular the case on NixOS and the BSD
> > > family (/usr/local/bin/bash). Downstream packagers would often rewrite
> > > those shebangs back automatically as they can rely on absolute paths
> > > but having portable shebangs in the repository helps to run the code
> > > without any further modification.
> >
> > The reason almost everyone hardcodes bash to /bin/bash is the potential
> > environment attack where someone create malicious "bash" and export it in PATH:
> > https://developer.apple.com/library/archive/documentation/OpenSource/Conceptual/ShellScripting/ShellScriptSecurity/ShellScriptSecurity.html
> > Obviously wg scripts are handling quite sensitive data like private keys...
> > Seriously if you except that downstream packagers would rewrite it back to
> > /bin/bash then why the others can't rewrite it to /usr/bin/env bash right
> > now if this is something they want?
> > Jordan
>
> This argument does not apply here since all commands internally could
> be redirected by a PATH change as well since the PATH is not set in the scripts.
Yep, that's something to actually fix as you won't fix things by making it worse.
> I am also not quite sure what threat model here is?
> The scripts changed here are not designed to run from a CGI context
> and are not hardened for that purpose.
> The idea is that you can run the scripts unmodified from the repository
> without having to alter the files, which is convenient for development w.r.t to git.
Then simply run "bash <script.sh>" and call it a day.
Jordan
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
next prev parent reply other threads:[~2019-07-17 17:33 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-16 12:21 Jörg Thalheim
2019-07-16 17:32 ` Jordan Glover
2019-07-16 20:07 ` Janne Johansson
2019-07-16 22:08 ` Jörg Thalheim
2019-07-17 17:32 ` Jordan Glover [this message]
2019-07-17 18:39 ` Jörg Thalheim
2019-07-17 18:52 ` Jordan Glover
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='EELepAK6aanjfQM-_vvGuS0aAwISwGlhv5Gq2DPFexSRvZ7mFpTMbe4-hNPhtBxkRVmSJPHpojmb6KeRgRIv9sbEwajUSwnfYVkawwMc9DU=@protonmail.ch' \
--to=golden_miller83@protonmail.ch \
--cc=joerg@higgsboson.tk \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).