[PATCH] treewide: more portable bash shebangs
icepic.dz at gmail.com
Tue Jul 16 22:07:43 CEST 2019
Den tis 16 juli 2019 kl 19:34 skrev Jordan Glover <
Golden_Miller83 at protonmail.ch>:
> > While /usr/bin/env is more or less available on all POSIX systems
> > /bin/bash might not be. This is particular the case on NixOS and the BSD
> > family (/usr/local/bin/bash). Downstream packagers would often rewrite
> > those shebangs back automatically as they can rely on absolute paths
> > but having portable shebangs in the repository helps to run the code
> > without any further modification.
> The reason almost everyone hardcodes bash to /bin/bash is the potential
> environment attack where someone create malicious "bash" and export it in
Well, if they rewrite your env and PATH you can't trust anything you do on
that box ever. If wg is started with a malicious environment where IFS is
set to "/" so that
"/bin/bash" (or any absolute-path-named-program) turns into " bin bash"
then an evil PATH pointing to that "bin" would still start a bad script for
May the most significant bit of your life be positive.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the WireGuard