[PATCH] treewide: more portable bash shebangs
Jordan Glover
Golden_Miller83 at protonmail.ch
Tue Jul 16 19:32:58 CEST 2019
On Tuesday, July 16, 2019 12:21 PM, Jörg Thalheim <joerg at higgsboson.tk> wrote:
> While /usr/bin/env is more or less available on all POSIX systems,
> /bin/bash might not be. This is particularly the case on NixOS and the BSD
> family (/usr/local/bin/bash). Downstream packagers would often rewrite
> those shebangs back automatically as they can rely on absolute paths
> but having portable shebangs in the repository helps to run the code
> without any further modification.
>
The reason almost everyone hardcodes bash to /bin/bash is the potential
environment attack where someone creates a malicious "bash" and exports it in PATH:
https://developer.apple.com/library/archive/documentation/OpenSource/Conceptual/ShellScripting/ShellScriptSecurity/ShellScriptSecurity.html
Obviously wg scripts are handling quite sensitive data like private keys...
Seriously, if you expect that downstream packagers would rewrite it back to
/bin/bash, then why can't the others rewrite it to /usr/bin/env bash right
now if this is something they want?
Jordan
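
Added example, not part of the original message or of the WireGuard tree: a defensive audit of the PATH lookup that a `#!/usr/bin/env bash` shebang depends on, listing the PATH entries searched before the interpreter is found that another account could write to. The function names `env_shebang_target` and `path_hijack_risks` are hypothetical, and treating group- or world-writable and relative entries as risky is an assumed policy.

```shell
#!/bin/bash
# Added example: report what "#!/usr/bin/env NAME" would run under a given PATH.

# Print the interpreter name an env-style shebang requests; fail for other shebangs.
env_shebang_target() {
    first=; IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case $first in
        '#!/usr/bin/env '*|'#! /usr/bin/env '*) ;;
        *) return 1 ;;
    esac
    set -f; set -- ${first#*/env }; set +f
    for word in "$@"; do
        case $word in
            -*|*=*) ;;                          # skip env options and VAR=value
            *) printf '%s\n' "$word"; return 0 ;;
        esac
    done
    return 1
}

# Walk PATH_LIST (default: $PATH) in lookup order until a directory provides NAME.
# Print each searched entry where a non-owner could plant or replace NAME and
# return 1 if there is any (assumed policy: group/world-writable or relative).
path_hijack_risks() {
    name=$1 list=${2-$PATH}: rc=0               # trailing ":" keeps a final empty entry
    old_ifs=$IFS; IFS=:; set -f
    for dir in $list; do
        IFS=$old_ifs
        [ -n "$dir" ] || dir=.                  # an empty PATH entry means the cwd
        case $dir in
            /*) if [ -n "$(find -H "$dir" -prune \( -perm -0002 -o -perm -0020 \) 2>/dev/null)" ]; then
                    echo "risky: $dir (group- or world-writable)"; rc=1
                fi ;;
            *)  echo "risky: $dir (relative entry, depends on cwd)"; rc=1 ;;
        esac
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            echo "resolves: $dir/$name"; break  # later entries are never searched
        fi
    done
    IFS=$old_ifs; set +f
    return $rc
}

# Usage: audit.sh SCRIPT...   (checks each env-shebang script against the current PATH)
for script in "$@"; do
    if interp=$(env_shebang_target "$script"); then
        echo "== $script -> env $interp"
        path_hijack_risks "$interp" || true
    fi
done
```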