PostUp/PreUp/PostDown/PreDown Dangerous?

logcabin at logcabin at
Fri Jun 22 03:55:35 CEST 2018

I'm in favor of keeping the features. A competent sysadmin or netadmin should know not to put questionable material on their systems, or at the very least, try it on a test bed where it can't do any damage.

On Thu, Jun 21, 2018, at 9:41 PM, Jason A. Donenfeld wrote:
> Hey list,
> wg(8) is the main WireGuard configuration tool. It takes a fairly
> strict set of inputs, and is supposed to perform acceptable input
> validation on them.
> wg-quick(8), on the other and, is a dinky bash script, that is useful
> for making some common limited use cases a bit easier.
> wg-quick(8) has the very handy feature of allowing
> PostUp/PostDown/PreUp/PreDown directives, to execute some helpers,
> such as iptables or whatever else you want in a custom setup. These
> have proven very useful to folks. And because these allow arbitrary
> execution anyway, wg-quick(8) doesn't try very hard to do proper input
> validation either.
> I just saw this nice post pointing out a problem in OpenVPN:
> The same thing applies to wg-quick(8) with
> PostUp/PostDown/PreUp/PreDown. The question is how seriously we should
> take the problem presented by this blog post. Namely, you can't trust
> configuration files given to you by outside parties. Maybe you
> shouldn't reconfigure your network without inspecting what those
> reconfigurations are first. However, one could argue that code
> execution is a bit beyond networking config.
> So, the question we need to ask is whether this problem is important
> enough that these useful features should be _removed_? Or if there's a
> way to make them safer? Or if it just doesn't matter that much and we
> shouldn't do anything.
> Thoughts?
> Jason
> _______________________________________________
> WireGuard mailing list
> WireGuard at

More information about the WireGuard mailing list