[PATCH] treewide: more portable bash shebangs
Jörg Thalheim
joerg at higgsboson.tk
Wed Jul 17 00:08:58 CEST 2019
On 16/07/2019 18.32, Jordan Glover wrote:
> On Tuesday, July 16, 2019 12:21 PM, Jörg Thalheim <joerg at higgsboson.tk> wrote:
>
>> While /usr/bin/env is more or less available on all POSIX systems
>> /bin/bash might not be. This is particular the case on NixOS and the BSD
>> family (/usr/local/bin/bash). Downstream packagers would often rewrite
>> those shebangs back automatically as they can rely on absolute paths
>> but having portable shebangs in the repository helps to run the code
>> without any further modification.
>>
> The reason almost everyone hardcodes bash to /bin/bash is the potential
> environment attack where someone create malicious "bash" and export it in PATH:
>
> https://developer.apple.com/library/archive/documentation/OpenSource/Conceptual/ShellScripting/ShellScriptSecurity/ShellScriptSecurity.html
>
> Obviously wg scripts are handling quite sensitive data like private keys...
>
> Seriously if you except that downstream packagers would rewrite it back to
> /bin/bash then why the others can't rewrite it to /usr/bin/env bash right
> now if this is something they want?
>
> Jordan
This argument does not apply here since all commands internally could
be redirected by a PATH change as well since the PATH is not set in the scripts.
I am also not quite sure what threat model here is?
The scripts changed here are not designed to run from a CGI context
and are not hardened for that purpose.
The idea is that you can run the scripts unmodified from the repository
without having to alter the files, which is convenient for development w.r.t to git.
More information about the WireGuard
mailing list