Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/alwayscurious/statuses/114593812704579570">Demi Marie Obenour (alwayscurious@infosec.exchange)'s status on Friday, 30-May-2025 08:58:36 JST</a><a href="https://infosec.exchange/@alwayscurious" title="alwayscurious@infosec.exchange"><img src="https://gnusocial.jp/theme/gnusocialjp/default-avatar-stream.png" width="48" height="48" alt="Demi Marie Obenour" style="position: absolute; left: 0; top: 0;">Demi Marie Obenour</a><div><a href="https://hachyderm.io/@dalias/114593720680360555" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/275421" title="froge@social.glitched.systems">CyberFrog</a></li><li><a href="https://gnusocial.jp/user/320612" title="sparklepanic@infosec.exchange">Raven (she/they)  🏳️‍⚧️</a></li></ul></div></section><article><p><a href="https://hachyderm.io/@dalias" rel="nofollow">@dalias</a> <a href="https://social.glitched.systems/@froge" rel="nofollow">@froge</a> <a href="https://infosec.exchange/@sparklepanic">@sparklepanic</a> I think you are confusing how WireGuard works on Android with how it works on other desktop Linux.</p><p>On desktop Linux, WireGuard is run with CAP_NET_ADMIN privileges, so it configure the kernel WireGuard implementation.  However, on non-rooted Android, WireGuard cannot do that, because Android does not allow apps to run with CAP_NET_ADMIN!  Instead, WireGuard implements the entire protocol in userspace, and that implementation could have security-relevant bugs.  For instance, the initial implementation pushed to FreeBSD was horrifically insecure.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/5118510#notice-10047426">In conversation</a><time datetime="2025-05-30T08:58:36+09:00" title="Friday, 30-May-2025 08:58:36 JST">about 5 days ago</time> <span>from <span><a href="https://infosec.exchange/@alwayscurious/114593812704579570" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@alwayscurious/114593812704579570">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Demi Marie Obenour (alwayscurious@infosec.exchange)'s status on Friday, 30-May-2025 08:58:36 JSTDemi Marie Obenour
in reply to
@dalias @froge @sparklepanic I think you are confusing how WireGuard works on Android with how it works on other desktop Linux.
On desktop Linux, WireGuard is run with CAP_NET_ADMIN privileges, so it configure the kernel WireGuard implementation. However, on non-rooted Android, WireGuard cannot do that, because Android does not allow apps to run with CAP_NET_ADMIN! Instead, WireGuard implements the entire protocol in userspace, and that implementation could have security-relevant bugs. For instance, the initial implementation pushed to FreeBSD was horrifically insecure.
In conversationabout 5 days ago from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice