PostUp/PreUp/PostDown/PreDown Dangerous?
Reto Brunner
brunnre8 at gmail.com
Fri Jun 22 07:44:13 CEST 2018
On Fri, Jun 22, 2018 at 03:41:03AM +0200, Jason A. Donenfeld wrote:
> The same thing applies to wg-quick(8) with
> PostUp/PostDown/PreUp/PreDown. The question is how seriously we should
> take the problem presented by this blog post. Namely, you can't trust
> configuration files given to you by outside parties. Maybe you
> shouldn't reconfigure your network without inspecting what those
> reconfigurations are first. However, one could argue that code
> execution is a bit beyond networking config.
You should never run *any* config from the internet without inspecting
it...
Even if it isn't a reverse shell directly, you can still for example end
up with questionable cipher suit choices in say openvpn or openssh if
you just blindly do that.
So please don't remove the hooks. They are very useful for many reasons
and adding an additional knob will not make it any more secure.
As others already said those users anyhow just run random commands from
$blog (heck they even copy / paste fork bombs and stuff like `rm -rf /*`)
In my view the whole point of wg-quick is that it can do things like the
post-up hook, to enter things like firewall rules etc.
Kind regards,
Reto
More information about the WireGuard
mailing list