Our great sponsors
-
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
> This is app is just a wrapper starting an exe with args, it's not doing much ...
You're free to run WireSock in the terminal. It's linked to in this post and in the github repo. TunnlTo aims to make WireSock more accessible and to add some quality of life features. I'm collaborating with the WireSock creator and while it may seem simple at the moment it is early days... we had to start somewhere.
> I would actually say it's pretty dangerous to have something installing .msi from git, touching registry etc ...
Did you look at this code?: https://github.com/TunnlTo/desktop-app/blob/main/dist/setup....
It tells the user why it needs to install the msi, explains what it is, and gives them the option to proceed. The msi is signed by the same EV code signing certificate as the TunnlTo app. There is also information about WireSock and links in the GitHub readme.
> installing .msi from git
The .msi doesn't come from "git", it is included in the TunnlTo installer which is standard practice.
> touching registry etc ...
I'm not sure why there would be a concern if a msi interacts with the registry? That is pretty standard stuff.
I appreciate that you've taken a look at the code but its disingenuous to draw the conclusion that its dangerous based on a String and msi file.
I assume since Wiresock is using BoringTun(https://github.com/cloudflare/boringtun) under the hood, it works similar to other userspace implementations of wireguard, (e.g. wireguard-go, wireguard-rs) in that it uses a TUN device to deliver packets to the userspace implementation, and back out to the network. So, no driver installation required, but CAP_NET_ADMIN is required to create the TUN device.