On Sat, 07 Sep 2024 10:19:33 +0100
David Woodhouse <dw...@infradead.org> wrote:
> (And even then, strictly openconnect itself doesn't need privs; I've
> never experimented much with 'openconnect -s "sudo vpnc-script", and
> I'm not entirely sure there's much point without a lot of focus on
> hardening vpnc-script itself to be a safe entry point.)
FWIW, in theory, there's a use case for becoming another _regular_ user
to run vpnc-script-sshd. Which only goes to show that it's nice
to have the privilege separation.
Regards,
Karl <k...@karlpinc.com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel
