Quick question for folks on this list.
During our security review of OpenConnect server, a couple of questions were
raised:
1) Can we drop privileges from the ocserv-main process after forking the
   ocserv-sm?
   a. Looking through the code, I don't see any obvious reason why not,
      but I might be missing something.
2) Assuming the use of Docker, would it make sense to split ocserv-sm into its
   own process chain so that it can run in a separate Docker container (i.e. not
   have it fork from ocserv-main)?
   a. Goal is to avoid having to grant NET_ADMIN cap to a service that is
      internet facing (i.e. ocserv-main and ocserv-worker would not have
      NET_ADMIN cap).
3) Has there been any work done to fuzz the IPC, especially from ocserv-worker
   -> ocserv-sm?
   a. My team has a task to do this, but if we already have data on this
      that would be a great place to start.
4) What is the recommended best practice for protecting the X509 cert private
   key?
   a. TPM + password? Encrypted disk partition?
_______________________________________________
openconnect-devel mailing list
http://lists.infradead.org/mailman/listinfo/openconnect-devel