From the GitHub page, "I started this because I wanted to do C network programming"
I think this is a poor choice (from a security perspective). It should be written in Go or Rust. C programs (exposed to the network) are dangerous even when written by experienced developers.
Really, in 2022, everything Internet-facing should be written in a memory-safe language, run as a normal user (no root) and have a strong MAC policy applied. Anything else is too risky.
Damn, do I have to shut down my WireGuard VPN now? Memsafety is not everything. IMHO, everyone should write security-relevant code in Ada SPARK. There are reasons not to do it, I guess. At least now one can rewrite it in Rust and post it on HN...
Does WireGuard not do a privilege downgrade? That seems important. I know it needs some additional privileges, and therefore (right now?) will not run in a container (which is annoying), but after it has set up an interface, why doesn't it back off its privileges? I really want to try WireGuard but kept getting hung up on stuff like this.