adorman at ironicdesign.com
Fri Jun 22 16:07:43 CEST 2018
On 6/21/18 8:41 PM, Jason A. Donenfeld wrote:
> So, the question we need to ask is whether this problem is important
> enough that these useful features should be _removed_? Or if there's a
> way to make them safer? Or if it just doesn't matter that much and we
> shouldn't do anything.
We use wg-quick with PostUp/PostDown/PreUp/PreDown and would prefer that
feature be retained.
However, looking ahead I believe WireGuard's speed, simplicity, and
simple, straightforward configuration and operation are going to attract
marginally competent amateur users that definitely do not qualify as a
system or network admin.
So, while it should be obvious, it wouldn't hurt to add a short warning
(in bold) to the wg-quick man page that lets these "amateur" users know
of the potential danger. Something along the lines of "Using a config
written by someone else that you do not understand and have not vetted
for security is stupid and can be dangerous. For example, the
PostUp/PostDown/PreUp/PreDown commands can be used to enable malicious
code. So always be certain your configuration and the code it executes
does only what you expect."
Ironic Design, Inc.
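
One way to vet a config written by someone else before bringing it up, as an added example (not from the original message or the WireGuard project): a shell function that lists every PreUp/PostUp/PreDown/PostDown line so the commands can be read first. It assumes hooks are `Key = command` lines and matches the key case-insensitively; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# list_hooks FILE
# Prints "<line>: <Key> = <command>" for each hook directive in FILE.
# Returns 0 if none were found, 1 if at least one was, 2 if FILE is unreadable.
list_hooks() {
    [ -r "$1" ] || return 2
    awk '
        {
            eq = index($0, "=")
            if (eq == 0) next                      # not a Key = value line
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)               # kept whole so nothing is hidden
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            k = tolower(key)                       # assumption: keys are case-insensitive
            if (k == "preup" || k == "postup" || k == "predown" || k == "postdown") {
                printf "%d: %s = %s\n", NR, key, val
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample config, for illustration only (keys are placeholders).
sample_config() {
    cat <<'EOF'
[Interface]
PrivateKey = <placeholder>
Address = 10.0.0.2/32
PostUp = iptables -A FORWARD -i %i -j ACCEPT
# PreUp = echo this line is commented out
postdown = iptables -D FORWARD -i %i -j ACCEPT

[Peer]
PublicKey = <placeholder>
AllowedIPs = 0.0.0.0/0
EOF
}

cfg=$(mktemp)
sample_config > "$cfg"
list_hooks "$cfg" || echo "Read the commands above before running wg-quick up."
rm -f "$cfg"
```

A commented-out hook is not reported because its key begins with `#`; everything after the first `=` on a live hook line is printed unmodified.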