[PATCH] treewide: more portable bash shebangs

Jordan Glover Golden_Miller83 at protonmail.ch
Tue Jul 16 19:32:58 CEST 2019

On Tuesday, July 16, 2019 12:21 PM, Jörg Thalheim <joerg at higgsboson.tk> wrote:

> While /usr/bin/env is more or less available on all POSIX systems
> /bin/bash might not be. This is particular the case on NixOS and the BSD
> family (/usr/local/bin/bash). Downstream packagers would often rewrite
> those shebangs back automatically as they can rely on absolute paths
> but having portable shebangs in the repository helps to run the code
> without any further modification.

The reason almost everyone hardcodes bash to /bin/bash is the potential
environment attack where someone create malicious "bash" and export it in PATH:


Obviously wg scripts are handling quite sensitive data like private keys...

Seriously if you except that downstream packagers would rewrite it back to
/bin/bash then why the others can't rewrite it to /usr/bin/env bash right
now if this is something they want?


More information about the WireGuard mailing list