On Sat, 07 Sep 2024 10:19:33 +0100 David Woodhouse <dw...@infradead.org> wrote:
> (And even then, strictly openconnect itself doesn't need privs; I've > never experimented much with 'openconnect -s "sudo vpnc-script", and > I'm not entirely sure there's much point without a lot of focus on > hardening vpnc-script itself to be a safe entry point.) FWIW, in theory, there's a use case for becoming another _regular_ user to run vpnc-script-sshd. Which only goes to show that it's nice to have the privilege separation. Regards, Karl <k...@karlpinc.com> Free Software: "You don't pay back, you pay forward." -- Robert A. Heinlein _______________________________________________ openconnect-devel mailing list openconnect-devel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/openconnect-devel