> It's a bit of a shame that Librem Tunnel doesn't use WireGuard, though I imagine they'll switch once it's in mainline.
It's a bit of a shame that WireGuard still requires out-of-tree components to work. I'm rooting for it to get accepted/merged, but until it does it just becomes a greater risk to build a business off of it.
It's in the process of being merged into net-next and mainline right now[1] and most of the hangups are around the new crypto library that WireGuard uses[2].
But honestly though, the risk is identical to any other kernel module -- the author and future subsystem maintainer ensures it builds and works with all new and old kernels, and releases snapshots very regularly. Almost all distributions have packages for WireGuard which are automatically rebuilt with new kernel releases.
There are arguments against using it because it's still (on paper) pre-1.0 software but given it's had fairly widespread use for the past 3 years and no security nightmares it's shown to be quite a bit more secure than
> the risk is identical to any other kernel module
Nope, it's not identical. There's a forcing function (e.g. Linus) to help motivate maintainers to fix their crap in the kernel tree if it breaks. That forcing function does not exist for out of tree patches.
If we were talking about the out-of-tree VirtualBox drivers I would agree with you. But we're not -- WireGuard has proven itself to be incredibly solid for the past 3 years and supports all kernels since 3.10 (with each commit getting tested against all of those kernels).
To be honest, those are far more stringent requirements than most subsystems in the Linux tree. Being in-tree is better for a variety of reasons, but just because something is in-tree doesn't make it significantly more stable or safe (I can think of several counter-examples where Linus hasn't motivated maintainers to fix mistakes and breaking changes).