PostUp/PreUp/PostDown/PreDown Dangerous?

[Jordan Glover]

On June 22, 2018 3:56 AM, Antonio Quartulli <a at unstable.cc> wrote:
> 
> In case this might be useful: in OpenVPN there is an additional
> 
> parameter called "--script-security" that requires to be set to a
> 
> certain level before allowing configured scripts to be executed.
> 
> Unfortunately there is no real protection against the clueless user, who
> 
> can and will blindly enable that setting if asked by a $random VPN provider.
> 
> However, I still believe (and hope) that forcing the user to enable a
> 
> specific knob may raise the level of attention.
> 
> Maybe something similar could be added as a command line parameter to
> 
> wg/wg-quick so that it will execute the various
> 
> PostUp/PreUp/PostDown/PreDown only if allowed to?
> 
> Just as a side note: this is not a VPN specific problem, this is
> 
> something users can end up with everytime they execute some binary with
> 
> a configuration they have not inspected. So, be careful out there ;-)
> 
> Cheers,
> 

Attacker can pass appropriate "--script-security" level with the very same config
containing malicious commands so this isn't solving problem of not looking at
the content of config files. I think blindly using untrusted files from the web is
indefensible. Sure, we could throw away this functionality completely  but then
we will punish people who bother to look at the configs before using them and
make their life little harder while the others will still find their footgun somewhere
else as this is rather generic issue not limited to wireguard or even networking.

Jordan